Electrum, one of the most popular Bitcoin wallets, has been found to contain a critical vulnerability that could put at risk all funds held in users’ wallets, according to Bitcointalk administrator theymos.
The vulnerability was found yesterday by a GitHub user going by the name taviso, who not only published it but also explained how he was able to reproduce the bug. Hours later, an update attempting to patch it was issued, and users were instructed to stop using their current version as soon as possible and to install the newer version (3.0.4).
According to theymos, the users most vulnerable to an eventual attack are those who “had Electrum open with no wallet passphrase set”, and “had a webpage open”. If they have set a password, the odds of having their wallets compromised are reduced, but the bug is still likely to lead to another exploit that would wipe out their funds.
Electrum is one of the most popular and trusted offline software wallets. Created in November 2011 by Thomas Voegtlin, it has since grown a community of supporters and developers who constantly look for exploits and other security holes in it. The wallet can be installed on various operating systems such as Linux, Windows, OSX and Android, as well as from Python sources.
Its features include an encrypted wallet, deterministic key generation (for recovering the wallet if ever lost) and local transaction signing, and it is open source. It is considered one of the top software Bitcoin wallets by various tech blogs and experts. Digital Trends thinks of it as “A fast and private offline software wallet,” while 99Bitcoins gave it an 8.6 out of 10, citing “fast, secure and stable wallet.”