Incident reconstruction and analysis
The user was running an Electrum Bitcoin wallet build that dated from 2017. Electrum has published security updates since then, but the user had not installed them.
When a user sends a transaction with Electrum, the wallet broadcasts it to an Electrum server. If the server rejects the transaction, it returns an error message, which the wallet shows to the user in a pop-up window.
Electrum versions before 3.3.2 do not validate the error text returned by the server and even render it as HTML (rich text), so a malicious server can place arbitrary formatted content, including links, in that pop-up (see link 4).
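The flow above, reduced to the part that matters, as an added example (this is not Electrum's own code, and the server reply is constructed for illustration): the error string comes straight from an untrusted server, the old behaviour hands it to the dialog as rich text, and the hardened handler escapes it, forces plain text, caps its length and prefixes a generic message so the server cannot use the dialog as a billboard.

```python
"""Added example, not Electrum's code: server-controlled error text in a
broadcast pop-up, vulnerable handling beside hardened handling."""
import html
import json
import re
from typing import Optional, Tuple

# Constructed stand-in for a malicious server's reply to a transaction
# broadcast. It follows the JSON-RPC error shape; the message body and the
# link target are invented for this example.
MALICIOUS_REPLY = json.dumps({
    "jsonrpc": "2.0",
    "id": 1,
    "error": {
        "code": 1,
        "message": (
            "<h1>Update required</h1>Your wallet is outdated. "
            '<a href="https://example.invalid/electrum-update">'
            "Download the new version</a>"
        ),
    },
})

# A benign reply in the older style where "error" is a bare string.
BENIGN_REPLY = json.dumps({"jsonrpc": "2.0", "id": 2,
                           "error": "transaction already in block chain"})

GENERIC_PREFIX = "The server rejected the transaction. Server said: "


def extract_error_message(raw_reply: str) -> str:
    """Pull the human-readable error text out of a JSON-RPC reply.
    Handles both the object form {"code":..,"message":..} and a bare string."""
    reply = json.loads(raw_reply)
    err = reply.get("error")
    if isinstance(err, dict):
        return str(err.get("message", ""))
    return "" if err is None else str(err)


def popup_text_vulnerable(server_msg: str) -> Tuple[str, str]:
    """Pre-3.3.2 behaviour described on the page: the server string is shown
    as-is and the dialog renders any markup in it. Returns (format, text)."""
    return ("rich", server_msg)


def popup_text_hardened(server_msg: str, max_len: int = 200) -> Tuple[str, str]:
    """Treat the server as untrusted: escape markup so it is displayed
    literally, force plain-text rendering, truncate, and lead with a generic
    wallet-controlled sentence so the server cannot author the whole dialog."""
    safe = html.escape(server_msg, quote=True)
    if len(safe) > max_len:
        safe = safe[:max_len] + "..."
    return ("plain", GENERIC_PREFIX + safe)


def first_link(server_msg: str) -> Optional[str]:
    """Detection helper: return the first href in a server error, if any.
    A link in a broadcast error is a strong phishing indicator worth logging."""
    m = re.search(r'href\s*=\s*["\']([^"\']+)["\']', server_msg, re.I)
    return m.group(1) if m else None


if __name__ == "__main__":
    msg = extract_error_message(MALICIOUS_REPLY)
    print("vulnerable:", popup_text_vulnerable(msg))
    print("hardened:  ", popup_text_hardened(msg))
    print("link seen: ", first_link(msg))
```

In the vulnerable path the dialog renders the heading and a clickable link authored entirely by the server; in the hardened path the user sees the tags as literal text behind a sentence the wallet wrote itself. Logging `first_link` on the client or server side gives a cheap detection for servers that return links in error strings.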
CertiK Security Team Advice
Users should make sure the wallet they transact with is the latest version. Old wallet versions may contain vulnerabilities that attackers can exploit.
When downloading a wallet update, the user should check that the download URL matches the official one, and verify the release signature after the download completes.
Reference links:
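The two checks in the advice above, scripted, as an added example that is not CertiK's or Electrum's code. The official host list is an assumption (take the real hosts and the release-signing key fingerprint from the project's own site, obtained out of band, never from a pop-up). Signature checking shells out to `gpg --verify` with `--status-fd`, because a plain "Good signature" is not enough: any key imported into the keyring would produce it, so the signer's fingerprint must also match the expected release key.

```python
"""Added example, not the project's code: validate a wallet-update download
URL and a detached PGP signature, including the signer's fingerprint."""
import re
import subprocess
from typing import Optional, Tuple
from urllib.parse import urlparse

# Assumption: hosts the project publishes releases on. Confirm against the
# official site before trusting this list.
OFFICIAL_HOSTS = {"electrum.org", "download.electrum.org"}


def is_official_download_url(url: str) -> bool:
    """HTTPS only and an exact host match: look-alikes such as
    electrum.org.evil.example or a GitHub mirror are rejected."""
    p = urlparse(url)
    if p.scheme != "https":
        return False
    host = (p.hostname or "").lower()
    return host in OFFICIAL_HOSTS


def signer_fingerprints(gpg_status: str) -> Optional[Tuple[str, str]]:
    """Parse gpg's machine-readable status. A good signature yields a line
    '[GNUPG:] VALIDSIG <signing-key fpr> <date> <ts> ... <primary-key fpr>'.
    Returns (signing_fpr, primary_fpr); primary falls back to signing_fpr on
    gpg builds that omit it."""
    for line in gpg_status.splitlines():
        parts = line.split()
        if len(parts) >= 3 and parts[0] == "[GNUPG:]" and parts[1] == "VALIDSIG":
            signing = parts[2].upper()
            primary = parts[-1].upper()
            if not re.fullmatch(r"[0-9A-F]{40}", primary):
                primary = signing
            return signing, primary
    return None


def fingerprint_matches(gpg_status: str, expected_fpr: str) -> bool:
    """True only if the signature is valid AND made by the expected key
    (either the primary key or one of its signing subkeys)."""
    want = expected_fpr.replace(" ", "").upper()
    got = signer_fingerprints(gpg_status)
    return got is not None and want in got


def verify_release(file_path: str, sig_path: str, expected_fpr: str) -> bool:
    """Run gpg and apply fingerprint_matches to its status output.
    Requires gpg on PATH and the release key already imported."""
    proc = subprocess.run(
        ["gpg", "--status-fd", "1", "--verify", sig_path, file_path],
        capture_output=True, text=True, check=False)
    return proc.returncode == 0 and fingerprint_matches(proc.stdout, expected_fpr)


def safe_to_install(url: str, file_path: str, sig_path: str, expected_fpr: str) -> bool:
    """Both conditions from the advice must hold."""
    return is_official_download_url(url) and verify_release(file_path, sig_path, expected_fpr)


if __name__ == "__main__":
    # Placeholder paths and fingerprint; substitute the real release artefacts.
    print(safe_to_install("https://download.electrum.org/4.0.0/Electrum-4.0.0.tar.gz",
                          "Electrum-4.0.0.tar.gz", "Electrum-4.0.0.tar.gz.asc",
                          "0000 0000 0000 0000 0000 0000 0000 0000 0000 0000"))
```

Keep the expected fingerprint in your own notes or configuration, copied from the official site on a day you were not being prompted to update; the whole point of the attack on this page is that the prompt itself came from the attacker.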
1. https://github.com/spesmilo/electrum/issues/5072
2. https://zhuanlan.zhihu.com/p/53920688
3. https://www.blockchain.com/
4. https://github.com/spesmilo/electrum/issues/4968
5. http://twitter.com/electrumwallet/status/1106479573917724672