
Electrum Wallet Phishing Attack Nets Hackers $900K in Bitcoin


bitcoinist.com 28 December 2018 09:00, UTC
Reading time: ~3 m

Hackers stole close to $900,000 worth of Bitcoin from Electrum wallet users via a phishing attack. While the attacks appear to have paused, the Electrum developers say the hackers can resume them, since the underlying issue has not been permanently fixed.

Fake Electrum Wallet ‘Update’ Phishing Attack

The news of the attack first appeared on GitHub via one of Electrum’s developers, known there as SomberNight. Starting on Friday (Dec. 21, 2018), hackers began tricking Electrum wallet users into downloading an “update” that in fact came from a malicious source.

The hackers added a large number of malicious servers to the public Electrum server network. When a user’s wallet broadcasts a BTC transaction through one of these servers, the server responds with a crafted error message. That error message tries to trick the user into downloading a fake Electrum wallet app.

If the user falls for it and installs the malicious wallet, it immediately asks for a two-factor authentication (2FA) code. This is a tell: the genuine Electrum only asks for 2FA when sending BTC, not when starting the wallet. Once the user enters the 2FA code, the hackers can siphon all the Bitcoin out of the wallet.

At press time, the hackers appear to have consolidated their loot into a single BTC address holding about 243 BTC (over $890,000).

Similar Attacks Will Likely Continue

CasaHodl CTO Jameson Lopp, a veteran software developer, explained that users who connect to their own Electrum server were unaffected by the attack.

“A sybil + malware attack is ongoing against Electrum Wallet users,” he cautioned on Twitter.

If you see a message asking you to upgrade, don’t click on it! Users who only connect to their own personal Electrum server are unaffected.

Several comments on Reddit also back up Lopp’s statement, saying that those running their own full nodes have no reason to worry.

Update ONLY From the Official Electrum Website

Meanwhile, the Electrum developers are urging users not to download any update from a source other than the official website. In response to the attacks, the project team released an updated wallet (3.3.2) that stops error messages from being rendered as rich HTML text, so a server-supplied message can no longer contain a clickable link.

Commenting on this effort, SomberNight said:

We did not publicly disclose this until now, as around the time of the 3.3.2 release, the attacker stopped; however, they now started the attack again.

A more permanent solution would be to stop displaying custom error messages from servers at all. Servers could still return error codes, but the wallet would map those codes to its own fixed text rather than showing whatever the server sent, so a malicious server could no longer advise the user to take a specific action.
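To make the two fixes concrete, here is an added example (not Electrum’s own code) that models a wallet’s handling of a broadcast error reply in three ways: the pre-fix behaviour, where the server text is handed to a rich-text dialog as-is; the 3.3.2-style mitigation, where the text is shown but HTML-escaped; and the stricter approach, where only locally defined text is ever shown to the user. The JSON-RPC replies, the link target, the `LOCAL_ERROR_TEXT` table and the `looks_like_phishing` heuristic are all constructed for this example and are not from the Electrum project.

```python
import html
import json
import re

# Constructed sample replies (not real captured traffic). They mimic the
# JSON-RPC error a server can return for blockchain.transaction.broadcast.
# The link target is a placeholder, not the attacker's real URL.
MALICIOUS_REPLY = json.dumps({
    "jsonrpc": "2.0",
    "id": 7,
    "error": {
        "code": 1,
        "message": (
            "Your Electrum client is outdated. Please update: "
            '<a href="https://example.invalid/electrum-update">download</a>'
        ),
    },
})

BENIGN_REPLY = json.dumps({
    "jsonrpc": "2.0",
    "id": 8,
    "error": {"code": 1, "message": "transaction rejected: dust output"},
})

TAG_RE = re.compile(r"<[^>]+>")
URL_RE = re.compile(r"(https?://|www\.)\S+", re.IGNORECASE)

# Hypothetical local table: fixed wallet text keyed by server error code.
LOCAL_ERROR_TEXT = {
    1: "The server rejected the transaction.",
}
DEFAULT_ERROR_TEXT = "The server returned an error."


def parse_error(raw):
    """Return (code, message) from a JSON-RPC error reply, or None if not an error."""
    reply = json.loads(raw)
    err = reply.get("error")
    if not isinstance(err, dict):
        return None
    return err.get("code"), str(err.get("message", ""))


def dialog_text_vulnerable(raw):
    """Pre-fix behaviour as the article describes it: the server's text goes
    straight into a rich-text dialog, so an <a href> becomes a clickable link."""
    _, message = parse_error(raw)
    return "Broadcast failed: " + message


def dialog_text_plain(raw):
    """3.3.2-style mitigation: show the same text, but HTML-escaped, so a
    rich-text widget displays the tag literally instead of rendering it."""
    _, message = parse_error(raw)
    return "Broadcast failed: " + html.escape(message, quote=True)


def dialog_text_strict(raw):
    """The 'permanent' approach: never show attacker-controlled text at all.
    Map the error code to local text; the raw message belongs in a log only."""
    code, _ = parse_error(raw)
    return "Broadcast failed: " + LOCAL_ERROR_TEXT.get(code, DEFAULT_ERROR_TEXT)


def looks_like_phishing(message):
    """Heuristic for a client or a server-audit script: a broadcast error has
    no business containing markup or a URL."""
    return bool(TAG_RE.search(message) or URL_RE.search(message))


if __name__ == "__main__":
    for label, raw in (("malicious", MALICIOUS_REPLY), ("benign", BENIGN_REPLY)):
        _, msg = parse_error(raw)
        print(label, "| phishing-like:", looks_like_phishing(msg))
        print("  vulnerable:", dialog_text_vulnerable(raw))
        print("  plain     :", dialog_text_plain(raw))
        print("  strict    :", dialog_text_strict(raw))
```

The escaped variant still leaks whatever the attacker wrote (a URL typed out in plain text can still be copied into a browser), which is why the strict variant is the one a practitioner would want: the user sees only text the wallet ships with, and the server’s message is kept for debugging.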

Until such steps are taken, the hackers can continue the phishing attack: all they need is a fresh download link, and the project team says there are still about 50 malicious servers on the network.

Phishing attacks are one of the many means cybercriminals use to steal cryptocurrency. In September, Bitcoinist reported on the use of fake websites in Singapore to steal credit card information.

Do you think the Electrum Devs will be able to find a lasting solution to this new phishing hack? Please share your thoughts with us in the comments below.

Image courtesy of GitHub and Twitter (@lopp).
