Developers of the popular bitcoin-wallet Electrum have implemented an update that solves the vulnerability issue, which allows scammers to access user accounts. As it has been previously announced, after a user visited a malicious Internet resource with the working Electrum wallet, the attackers could withdraw money from it, using the imperfection of the software. To gain access to the cryptocurrency withdrawal, scammers used the JSON RPC interface (the option is enabled by default), by sending special commands via this interface and stealing money.
It is worth noting that users who have installed quite complex passwords to their wallets, were more protected from fraudulent actions. The main condition for the preservation of funds in this case was the refusal to make payments while a malicious website was open in a browser. Partially this problem was fixed in the update 3.0.4, and finally – in 3.0.5 version of the wallet, which was released on January, 8th. Now the password protection option is enabled by default, and the JSON RPC interface is disabled.