Popular wallet developer Electrum has issued an emergency patch for a critical bug in its bitcoin wallets. The flaw allowed any website hosting the Electrum wallet to potentially steal the user’s cryptocurrency. A vulnerability meant that passwords were exposed in the JSONRPC interface, granting hackers complete control of the wallet. The first patch failed to fix the problem, however, forcing Electrum to issue a second update on Sunday evening.
A Quick Fix to a Long-Standing Problem
Last week, the tech world was rocked by news of a bug in Intel computer chips that had lain undiscovered for years. It’s a similar story with the Electrum wallet vulnerability, with some reports stating that it had been in existence for over two years. Google vulnerability researcher Tavis Ormandy claims to have discovered the bug, though the flaw had been flagged last year. Within hours of Ormandy pointing out the vulnerability, Electrum had rushed out a patch to remedy it.
In a Bitcointalk forum post, site admin Theymos explained: “If at any point in the past you had Electrum open with no wallet passphrase set; and had a webpage open then it is possible that your wallet is already compromised. Particularly paranoid people might want to send all of the BTC in their old Electrum wallet to a newly-generated Electrum wallet.”
He later updated his post, adding: “If you had no wallet password set, then theft is trivial. If you had a somewhat-decent wallet password set, then it