Phishing Attack on Electrum Wallet Nets Hackers 202 BTC

Francisco Memoria

A hacker (or group of hackers) has recently pulled off a phishing attack against users of the popular Electrum wallet, tricking them into downloading a malicious version of its software that steals their funds. So far, the attacker has taken 202 BTC (about $730,000).

According to ZDNet, the attacker added malicious servers to the Electrum wallet network. When a legitimate user's wallet sent a transaction that reached one of these servers, the server replied with an error message urging the user to download a wallet update from a malicious GitHub page.

If the user followed through, a malicious version of the Electrum wallet was downloaded instead of an update. Once installed, it asked the user for a two-factor authentication (2FA) code, which was then used to make a legitimate transaction to the attacker's wallet.

The weakness that enabled the attack, the news outlet claims, was that Electrum servers were allowed to trigger popups containing custom text inside users' wallets. The attack reportedly began on December 21 and stopped after GitHub admins took down the attackers' repository.

Despite the pause, Electrum's developers expect the attack to resume in the near future, as soon as the attacker finds a new download location for the malicious files. SomberNight, an Electrum developer, stated:

We did not publicly disclose this [attack] until now, as around the time of the 3.3.2 release, the attacker stopped. However, they have now started the attack again.

Data suggests the attack was most successful in its first few days, when the attacker could send users rich-text messages that looked authentic. After the Electrum team quietly updated the app in response to attack reports, these messages no longer rendered with the same formatting and started to look fake.

Now that Electrum has diagnosed the problem, the app's developers are said to be working on removing servers' ability to send customized error messages to users altogether, replacing them with a preset message generated on the client side.
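The two client behaviours described above, the vulnerable one (server-supplied error text rendered as rich text in a popup) and the planned fix (a preset client-side message), as an added illustration in Python. This is example code written for this page, not Electrum's own code; the JSON-RPC reply shape, the method name, and all message text are assumptions or constructed samples, not captured traffic.

```python
import html
import json
import re

# Constructed sample replies in the JSON-RPC shape that Electrum-style servers
# use. The method name and every message string below are assumptions made
# for this example, not real captured traffic.
BROADCAST_REQUEST = json.dumps(
    {"id": 7, "method": "blockchain.transaction.broadcast", "params": ["<raw tx hex>"]}
)

# A server that rejects the broadcast and smuggles an update lure into the
# error text. A client that renders this string as rich text shows a
# convincing popup with a clickable link.
MALICIOUS_REPLY = json.dumps({
    "id": 7,
    "error": (
        "<b>Your Electrum version is out of date.</b> Please update to the "
        'latest version from <a href="https://example.invalid/update">this page</a>.'
    ),
})

# A normal rejection, e.g. a fee below the server's relay minimum (constructed).
BENIGN_REJECT = json.dumps({"id": 7, "error": {"code": -26, "message": "min relay fee not met"}})

# A successful broadcast: the result is the txid (placeholder value).
BENIGN_REPLY = json.dumps({"id": 7, "result": "f" * 64})

# The single preset message the hardened client shows for any broadcast error.
PRESET_BROADCAST_ERROR = (
    "The server rejected the transaction. Try another server or raise the fee. "
    "Never install software because a server told you to."
)


def server_error_text(reply: dict):
    """Return the error text from a JSON-RPC reply, or None if there is no error.
    Servers may send the error as a bare string or as a {code, message} object."""
    err = reply.get("error")
    if err is None:
        return None
    if isinstance(err, dict):
        return str(err.get("message", ""))
    return str(err)


def vulnerable_popup(raw_reply: str):
    """The behaviour the article describes: whatever text the server sent is
    handed to the popup as rich text. Returns the popup spec, or None on success."""
    text = server_error_text(json.loads(raw_reply))
    if text is None:
        return None
    return {"rich_text": True, "body": text}


def hardened_popup(raw_reply: str):
    """Hardened handler: the popup body is a client-side preset, never the server's
    string. The server text survives only as an escaped, truncated plain-text
    entry for the debug log, so it cannot render as markup anywhere."""
    text = server_error_text(json.loads(raw_reply))
    if text is None:
        return None
    return {
        "rich_text": False,
        "body": PRESET_BROADCAST_ERROR,
        "log": html.escape(text)[:200],
    }


def looks_like_update_lure(text: str) -> bool:
    """Heuristic a client or server operator could alert on: markup, or an
    instruction to update/download, inside what should be a terse error string."""
    has_markup = re.search(r"</?[a-zA-Z][^>]*>", text) is not None
    has_lure = re.search(r"\b(update|upgrade|download|github|new version)\b", text, re.I) is not None
    return has_markup or has_lure


if __name__ == "__main__":
    for name, reply in [("malicious", MALICIOUS_REPLY), ("benign reject", BENIGN_REJECT), ("success", BENIGN_REPLY)]:
        print(name, "vulnerable:", vulnerable_popup(reply))
        print(name, "hardened: ", hardened_popup(reply))
```

Escaping the server text would already stop the link from rendering, but it would still put attacker-written sentences in front of the user; replacing the body with a preset message removes the social-engineering channel entirely, which is why the preset-message approach is the stronger fix. The `looks_like_update_lure` check is only a detection aid for logs, not a substitute for that fix.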

At least 33 malicious servers have been identified on the Electrum network, although more are believed to exist.