It became apparent this weekend that the commonly used Electrum wallet has a vulnerability that potentially allows random websites to steal the wallet file through Javascript. It’s important for users to avoid opening the Electrum wallet. If you happen to have the wallet active, it’s stringent to immediately close it. An update has been released for Electrum, which addresses the security issue. This new version, 3.0.5, can be found at Electrum.org.

Because the Electrum wallet is open source, a number of altcoin wallets have been developed that display the same vulnerability, such as Electron Cash. For these wallets, the same advice applies: Do not open the wallet. Wait until an update is released for the wallet.

If at any time you had an older version of the Electrum wallet open without a password and a web page open at the same time, the possibility can’t be excluded that someone has access to the bitcoins on your wallet. To exclude this risk, it’s recommendable to make a new wallet in Electron or another wallet program and to send the Bitcoins to this new wallet.

Note: This issue only applies to the Electrum wallet. There is as of yet no reason to assume users of other Bitcoin wallets face similar security risks.