Almost $1 Million Stolen in Phishing Attack on Electrum Wallet

Popular cryptocurrency wallet Electrum is in the midst of an ongoing hack which saw almost $1 million in Bitcoin stolen so far, Reddit users discovered on December 27, 2018.

250 BTC Stolen in Electrum Wallet Hack

It seems that hackers aren’t lying idle during Christmas time, as a popular cryptocurrency wallet has reportedly experienced one of the largest thefts of the month.

According to Finance Magnates, at least 240 bitcoin, worth around $1 million, were transferred to several blockchain wallets from multiple Electrum users. The blockchain wallets were then quickly consolidated, and the funds moved to another address.

A Reddit user by the name of Analyst was among the first to break the news, explaining in detail how the wallets were hacked. The hackers had set up multiple malicious servers, which, when connected to an Electrum Wallet, would broadcast an official-looking message telling users to update their accounts.

The message included a scam URL, which stole the intended BTC transaction from the users. And while many Electrum users reported a “hack,” a Reddit user pointed out that the attack utilized the server response/messaging capability to phish users.   

“The attacker amplified their reach by spinning up more malicious servers which could loosely be considered a Sybil attack,” the user wrote on Reddit.

Affected users reported Electrum requiring a two-factor authentication code upon login, Finance Magnates wrote, which is when the thefts occurred. “I kept trying to send and kept getting an error code ‘max fee exceeded no more than 50 sat/B [satoshis per byte]’ I then restored my wallet on a separate pc and found that my balance had been transferred out in full,” a Reddit user explained.

Crypto Thefts on the Rise

Electrum confirmed the attack on Twitter but did not provide any additional details on the scale of the issue. The company did point out that the attack was “ongoing,” which means that there could be more affected users.

This is the first time Electrum, a free software used by many cryptocurrency websites, including merchants and exchanges, was hacked. Due to increased layers of security, most companies employ, wallet hacks are relatively rare, with most thefts afflicting online exchanges instead.

According to a report from Reuters India, losses caused by cryptocurrency exchanges have risen 250 percent in 2018 since last year, with $927 million being lost in the first nine months of the year.

CipherTrace’s Q3 Cryptocurrency Anti-Money Laundering report found that $731 million worth of cryptocurrencies was stolen from exchanges alone, with the Coincheck hack accounting for $530 million.

Phishing attacks, on the other hand, affected far fewer users, with the report stating that CoinHoarder phishing attempts led to around $50 million being lost.