Hodl-Guide icon indicating copy to clipboard operation
Hodl-Guide copied to clipboard

Published 20 hours ago verified publisher icon DriftwoodPalace

Is this method secure from the recent Electrum attacks?

Open LucidJ12 opened this issue 5 years ago • 2 comments

It would seem that running my own Electrum server would mitigate the recent attacks on Electrum. But I want to be sure and was wondering if you had any additional tips for avoiding these attacks.

LucidJ12 avatar Jul 25 '19 15:07 LucidJ12

Also, this Twitter thread regarding use of Ledger for multisig seems to introduce another potential attack vector.

Perhaps if you sign with Trezor first, to confirm you’re sending to the proper address mitigates it?

https://twitter.com/mflaxman/status/1154538947340468224?s=21

LucidJ12 avatar Jul 26 '19 14:07 LucidJ12

  1. To my knowledge, the fishing attacks that was used against Electrum users are patched in the latest versions. But yes, you would've been protected against those attacks if you used your own Electrum Personal Server as it was the servers you otherwise connect to that sent the fishing messages.

  2. Yes, that's unfortunately the case with Ledger. But yes, your solution by showing the address on for example Trezor "solves" this issue.

DriftwoodPalace avatar Jul 30 '19 17:07 DriftwoodPalace