Malware scammers are using fake Electrum wallet updates to defraud investors of more than $22 million in bitcoin. 

According to a report by ZDNet, cybercrime gangs are using a simple technique to send fake updates to Electrum wallet holders. Users are then tricked into downloading malware programs that steal their bitcoin and crypto-assets. 

ZDNet claims the technique first emerged in December 2018, with a new wave of attacks emerging last month. 

The report reads, 

Users of the Electrum Bitcoin wallet app received an unexpected update request via a popup message, they updated their wallet, and funds were immediately stolen and sent to an attacker’s Bitcoin account.

The attackers use fake Electrum servers to push out updates directly through pop-ups on older versions of the wallet. Clients receive an error message saying they need to upgrade their software, which then results in the downloading of malware.

According to the report, the attackers’ wallet holds 1980 BTC (~$22 million), in addition to 202 BTC ($2.6 million) stolen in December 2018. In August, a single GitHub user claimed to have lost 1400 BTC ($15.8 million) after falling victim to the scam.

Featured Image Credit: Photo via