Phishing Attack on Electrum Wallet Nets Hackers 202 BTC

A hacker (or group of hackers) has recently pulled off a phishing attack on the popular Electrum wallet, tricking users to get a malicious version of its software to steal their funds. So far, the hacker has gotten 202 BTC ($730,000).

According to ZDNet, the attacker added malicious servers to the Electrum wallet network, which saw legitimate wallet users receive an error message urging them to download a wallet update from a malicious GitHub page when they sent transactions that reached one of these malicious servers.

If the users followed through and downloaded the update, a malicious version of the Electrum wallet would be downloaded and would ask the user for a two-factor authentication (2FA) code. This code would then be used to make a legitimate transaction to the attacker’s wallet.

The problem that caused the attack, the news outlet claims, was Electrum’s servers being allowed to trigger popups with customer text inside of its users’ wallets. The attack reportedly began on December 21, and stopped after GitHub admins took down the attackers’ repository.

Despite the slowdown, Electrum’s admins believe the attack will continue in the near future, as soon as the attacker gets a new download location for its malicious files. SomberNight, a developer at Electrum, stated:

We did not publicly disclose this [attack] until now, as around the time of the 3.3.2 release, the attacker stopped. However they now started the attack again.

Data suggests the attack was more successful in its first few days, as initially the hacker could send users rich-formatted texts, which looked authentic. After the Electrum team silently upgraded its app in response to attack reports, these messages weren’t rendering in the same formatted, and started looking fake.

Currently, the app’s developers are said to be working on taking away the ability to send customized error messages to users, and instead replace these with a preset message on the client’s side, after the problem was decoded by Electrum.

At least 33 malicious servers were identified on the Electrum network, although most believe there are more. Notably hacks aren’t the only thing crypto users need to watch out for. As reported, a McAfee report recently revealed cryptocurrency mining malware grew at least 4,000% over the last year. Exchanges may also pose risks, as allegations that both UPBit and Bithumb faked trading volumes through wash trading have been mounting.

Disclaimer

The views and opinions expressed by the author, or any people mentioned in this article, are for informational purposes only, and they do not constitute financial, investment, or other advice. Investing in or trading cryptoassets comes with a risk of financial loss.

Phishing Attack on Electrum Wallet Nets Hackers 202 BTC

Disclaimer

Related Articles

Consensys Exec: ‘It Can Be Said With Confidence That the SEC Is Investigating Ethereum’

Cardano Foundation CEO: Cardano ($ADA) ‘Stands at the Verge of a New Era in Decentralized Governance’

SkyBridge Capital Founder Highlights Bitcoin’s Profitability Over Four-Year Periods

You Might Like

Most Read

Bitcoin Price Falls as Fed Chair Powell Expresses Caution on Rate Cuts

Solana Whales See Blood in the Water and Enter Memecoin Buying Spree

Bitcoin Halving 2024: ‘Explosive Cocktail’ from Reduced Supply and Spot ETF Demand, Says Nexo Co-Founder

AI Will Need ‘Trillions’ of Dollars of Investment in Infrastructure, Says BlackRock CEO Larry Fink

Solana ($SOL) Price Set to Climb Higher, Says Crypto Analyst Who Called 2018 Market Bottom