text

text

text

text

text

text

secondary title

Event recovery and analysis

The user is using the Electrum Bitcoin wallet, which was last used in 2017. Electrum has released security updates since then, but the user has not installed them.

When a user uses Electrum to make a transaction, the wallet will broadcast a transaction to the server. If there is a problem with the transaction, the server will return an error message and display it to the user in the form of a pop-up window.

Electrum wallets before version 3.3.2 will not verify the error information returned by the server, and even render the returned information in html (refer to link 4).

text

text

text

text

text

text

secondary title

CertiK Security Team Advice

• When users use wallets for transactions, they need to ensure that the wallets are of the latest version. Old versions of wallets may have loopholes that can be exploited by hackers.

• When downloading the wallet update, the user should pay attention to verify whether the download URL is consistent with the official one, and verify the signature of the wallet after the download is completed.

• Reference link:

Reference link:

1. https://github.com/spesmilo/electrum/issues/5072

2. https://zhuanlan.zhihu.com/p/53920688

3. https://www.blockchain.com/

4. https://github.com/spesmilo/electrum/issues/4968

5. http://twitter.com/electrumwallet/status/1106479573917724672