PT-2018-17496 · Electrum · Electrum

Bauerj · Published 2018-01-27 · Updated 2018-02-15 · CVE-2018-6353

CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Electrum versions 2.9.4 and earlier; Electrum versions 3.0.5 and earlier
Description: The issue allows an attacker to steal Bitcoin by getting arbitrary Python code executed in the wallet, either through social engineering, where a user pastes code they do not understand, or through code pasted by a physically proximate attacker at an unattended workstation. The pasted code can defer its action until the wallet password has been entered, at which point it gains unauthorized access to the funds.
Recommendations: For Electrum versions 2.9.4 and earlier, update to a version later than 2.9.4 to resolve the issue. For Electrum versions 3.0.5 and earlier, update to a version later than 3.0.5 to resolve the issue. As a temporary workaround, consider disabling the Python console feature until a patch is available. Restrict access to the workstation when the wallet is open to minimize the risk of exploitation.

Weakness Enumeration: OS Command Injection

Related Identifiers: CVE-2018-6353

Affected Products: Electrum