A vulnerability has been found and fixed in the Electrum wallet, both for the Bitcoin and Dash versions.
Electrum, a popular light wallet for Bitcoin, was recently found to have a critical vulnerability dating back two years. The vulnerability allowed for an attacker to use JavaScript to steal Bitcoin from the wallet, as long as the wallet was unencrypted without a password. The vulnerability was first disclosed late last year, but did not get patched until the last few days.
The bitcoin wallet Electrum allows any website to steal your bitcoins. I was gonna report it…but there was already an open issue from last year. I pointed out this is kinda critical, and they made a new release within a few hours. Update to 3.0.4 if you use it.
— Tavis Ormandy (@taviso) January 7, 2018
Vulnerability also affected the Dash Electrum wallet, which has also been patched
As this vulnerability dates back several years, it also affects the Dash version of the Electrum wallet. Luckily, the Dash Core team has issued a patch to fix this vulnerability as well. Users should update to the latest version as soon as possible in order to avoid risks.
#Dash Electrum update !
(due to recent found Electrum vulnerability)https://t.co/VSfL1bifsm has fixed release of 2.9.3 electrum (as 2.9.3.1)
gpg-signed as `akhavr@khavr.com`as usual, backup your wallets/seeds before updating to a new version#DigitalCash #Crypto
— DASH (@Dashpay) January 8, 2018
The need for strong security cannot be overstated
The priority of implementing strong security practices is imperative in a cryptocurrency ecosystem where users are responsible for their own funds. Users should be careful with trusting wallets that do not allow them to have control over their own private keys, password protect their wallets, and maintain top security and control over their devices. Users should also take care when buying hardware wallets from third-party resellers (one victim lost life savings due to a tampered-with device) and buy directly from the trusted manufacturer.
