For almost two years, hackers could have easily stolen your prized stash of bitcoins if you were keeping them in the popular software wallet Electrum, thanks to a critical security vulnerability that went unpatched until now.

The vulnerability allowed any website (and anyone controlling the site a victim browsed, like a hacker) to steal bitcoins stored using Electrum, as long as the software was running and there was no encryption password set up, according to security researchers. The bug was initially reported by Github user “jsmad” on November 24, 2017. Electrum, however, didn’t fully patch the bug until Sunday, January 7, and only after Google security researcher alerted them to how serious the bug really was.

Read full news article on