TL;DR: There is an ongoing attack against users where servers raise exceptions when a client broadcasts a transaction; in this case the error text is displayed as is in the client GUI. The attacker has spawned lots of servers on different /16 IPv4s to increase his chances of being connected to. The error messages are trying to get the user to download and install malware (disguised as updated versions of Electrum).

EDIT2: To users: when you broadcast a transaction, servers can tell you about errors with the transaction. In Electrum versions before 3.3.3, this error is arbitrary text, and what's worse, it is HTML/rich text (as that is the Qt default). So the server you are connected to can try to trick you by telling you to install malware (disguised as an update). You should update Electrum from the official website so that servers can no longer do this to you. If you see these messages/popups, just make sure you don't follow them and that you don't install what they tell you to install. The messages are just messages; they cannot hurt you by themselves.

In relation to #4953, we were privately sent a screenshot that was apparently floating around a German chat room (on ). There wasn't really any extra information given; however, most likely the following happened:

- user was using legitimate electrum client
- connected to an electrum server operated by the attacker
- server replied with an error containing the above rich text

The client code involved:

```python
@best_effort_reliable
async def broadcast_transaction(self, tx, *, timeout=None):
    get_network_timeout_seconds(NetworkTimeout.
```

At the very least, the message should not be displayed as rich text. We should also show some additional explanatory text at the beginning (prepend something). Maybe the server should return error codes (ints) instead, and we could have our own decoding table, but then this would need to be kept in sync with bitcoind. (EDIT3: looked into this more, see #4968 (comment))

For context, this mechanism of the server returning error message text to txn broadcasts is used to display error messages originating from bitcoind, such as low incremental fee or missing inputs, etc.

Hours after we were sent the screenshot, we silently made mitigations in 5248613 and 5dc240d and released 3.3.2. This is not a true fix, but the more proper fix of using error codes would entail upgrading the whole federated server ecosystem out there. We did not publicly disclose this until now, as around the time of the 3.3.2 release, the attacker stopped; however, they have now started the attack again.

This is how the attack, live as of writing this, looks on 3.3.2: [screenshot]

To make the attack more effective, the attacker is creating lots of servers (sybils), hence increasing the chance a client would connect to him. See this graph on the number of servers hsmiths shared re the peers found by his server: [graph]

My current server peers on bitcoin mainnet: [table; columns: Host, Status, TCP, SSL, Server, Min, Max, Pruning, Last Good, Last Try, Tries, Source, IP Address]
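The following added example, which is not Electrum's code and not part of the original post, shows one way a client can handle server-supplied broadcast errors along the lines this post discusses: a client-owned decoding table for recognised reasons, plain text with a prepended notice for unrecognised ones, and no display at all for text carrying markup or links. The table entries, length cap, wording, sample message and function names are assumptions made for the example, and the caller is assumed to render the result in a plain-text widget.

```python
import re

MAX_LEN = 120  # assumption: genuine node rejection reasons are short
PREFIX = ("Error reported by the server (untrusted text, "
          "do not follow instructions in it):\n")
WITHHELD = "The server returned an unexpected error; its text was withheld."

# Constructed decoding table: substring of a rejection reason -> client's own wording.
KNOWN_REASONS = (
    ("missing inputs", "The transaction's inputs are missing or already spent."),
    ("insufficient fee", "The fee is too low for this transaction to be accepted."),
)

# Constructed sample of the kind of rich-text lure described in the post.
SAMPLE_PHISHING = ("<h2>Security update required</h2>Download the new version "
                   "from <a href='https://example.invalid/update'>here</a>")

CONTROL_CHARS = re.compile(r"[\x00-\x1f\x7f-\x9f]+")
MARKUP_OR_LINK = re.compile(r"<[^>]*>|&[#\w]+;|https?://|www\.", re.IGNORECASE)


def flatten(server_msg):
    """Coerce to str, drop control characters and collapse whitespace to one line."""
    return " ".join(CONTROL_CHARS.sub(" ", str(server_msg)).split())


def render_broadcast_error(server_msg):
    """Return (plain_text, verdict); verdict is 'known', 'unknown' or 'suspicious'."""
    flat = flatten(server_msg)
    # Markup, links or long prose are not expected in a rejection reason:
    # show none of the server's text and let the caller log the verdict.
    if MARKUP_OR_LINK.search(flat) or len(flat) > MAX_LEN:
        return WITHHELD, "suspicious"
    lowered = flat.lower()
    for needle, own_text in KNOWN_REASONS:
        if needle in lowered:
            # Recognised reason: display the client's wording, never the server's.
            return own_text, "known"
    # Unrecognised but short and markup-free: show it flattened, after a notice.
    return PREFIX + flat, "unknown"


if __name__ == "__main__":
    for msg in (SAMPLE_PHISHING, "Missing inputs", "some\x00 odd\nreason"):
        print(render_broadcast_error(msg))
```
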