A user who goes by the handle “jsmad” recently informed the Electrum team of a vulnerability in their wallet after discovering it while scanning the internet for exposed JSON RPC ports.
However, the Electrum team apparently did not act on jsmad’s bug report, and only addressed the issue after notable Google security researcher Tavis Ormandy explained why the flaw was critical.
User @h43z also tweeted a video showing the attack described by Ormandy.
The Electrum team published a fix right after and are now urging users to update their apps to the latest version.
Source: Bleeping Computer