The masses were awoken to shock as light was brought upon a bug that has been lying dormant and undetected in Intel computer chips for over two years. The bug was uncovered by Tavis Ormandy, a Google vulnerability researcher who came across it via a flaw that had been flagged late last year. Within hours of Ormandy’s discovery, Electrum was on the spot concocting a patch to destroy it.
The bug meant nothing good for bitcoin wallets as thousands were openly exposed. This bug allowed any website that was hosting Electrum wallets to openly rob a user of their cryptocurrency. Passwords were fully up for grabs which meant hackers had their way with as many wallets as they pleased.
This can mean a lot of inconvenience and loss for those plunged into the world of cryptocurrency. Theymos, an admin for a Bitcointalk forum post further explained the threats and what security measures can be taken. “If at any point in the past you had Electrum open with no wallet passphrase set; and had a webpage open then it is possible that your wallet is already compromised. Particularly paranoid people might want to send all of the BTC in their old Electrum wallet to a newly-generated Electrum wallet.”
He extended that comment on a later date, “If you had no wallet password set, then theft is trivial. If you had a somewhat-decent wallet password set, then it seems that an attacker could “only” get address/transaction info from your wallet and change your Electrum settings, the latter of which seems to me to have a high chance of being exploitable further. So if you had a wallet password set, you can reduce your panic by a few notches, but you should still treat this very seriously.”
Electrum is a free software that is popular amongst many cryptocurrency websites, like exchanges and merchants. As of today the problem has been patched and no complaints of lost funds have been reported, but no one can be completely certain of the extent of the damage done given that the bug has been around for over two years.