Electrum Bitcoin Wallet – The Next Target for Hackers

Scams and fraudulent activity in the crypto market are increasing with each passing day.

One recent attack on the Electrum Bitcoin wallet has so far netted the hackers 200 Bitcoins, valued at around $750,000 at the current market price. The attack first took place on 21st December 2018.

Electrum is a Bitcoin wallet that does not require the user to download the full blockchain. Instead, remote servers provide the blockchain data, and users access it through their wallet. To date, it has been one of the most talked-about wallet implementations, and forks of it have been created for both versions of Bitcoin Cash as well as Litecoin, Dogecoin, and Dash.

The method used to cause the damage

The hackers added malicious servers to the Electrum wallet network. Later, when a user tried to perform a Bitcoin transaction and it reached one of these rogue servers, the server would send a message to the user within the wallet application prompting them to download and install an update. Users who followed the instructions were directed to the hacker’s GitHub page.

The prompted update was actually malware camouflaged as a new version of the Electrum wallet. Once installed, it would ask users to enter their two-factor authentication codes. With these codes, the attackers gained access to the user’s wallet and stole Bitcoins by transferring them from the user’s wallet to their own Bitcoin address.

One of the Electrum developers shared a screenshot of the hackers’ first false message and the link that the hackers had managed to embed into the Electrum user interface.

After this attack, Electrum made a temporary modification to its software and released an update containing it. It said: “This is not a true fix, but the more proper fix of using error codes would entail upgrading the whole federated server ecosystem out there…”
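An added example, not Electrum's code: one way a wallet client can apply the "error codes" idea from the quote above on its own side, by treating the server's error text as untrusted and displaying only text that ships with the client. The error table, function name and sample messages are constructed for illustration.

```python
import html
import re

# Hypothetical table: substrings a client expects in a broadcast failure,
# mapped to display text that ships with the client itself.
KNOWN_ERRORS = {
    "insufficient fee": "The transaction fee is too low.",
    "missing inputs": "An input is missing or already spent.",
    "dust": "An output is below the dust limit.",
}
GENERIC = "The server rejected the transaction."

# Anything that looks like a link or markup has no place in an error reply.
URL_RE = re.compile(
    r"(?:https?://|www\.)\S+|\b[\w-]+(?:\.[\w-]+)*\.(?:com|org|net|io)\b", re.I)
TAG_RE = re.compile(r"<[^>]+>")


def classify_server_error(raw):
    """Turn an untrusted server error string into client-owned display text."""
    text = raw if isinstance(raw, str) else repr(raw)
    suspicious = bool(URL_RE.search(text) or TAG_RE.search(text))
    message = GENERIC
    if not suspicious:
        lowered = text.lower()
        for needle, local_text in KNOWN_ERRORS.items():
            if needle in lowered:
                message = local_text
                break
    return {
        "display": message,        # never contains server-supplied text
        "suspicious": suspicious,  # signal to log and stop using this server
        "log_safe": html.escape(text[:200]),  # truncated, escaped copy for logs
    }


# Constructed sample replies: one ordinary, two carrying an "update" lure.
SAMPLES = [
    "66: insufficient fee",
    '<b>Update required.</b> <a href="https://example.invalid/release">Download</a>',
    "insufficient fee, please upgrade at example.org/wallet",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(classify_server_error(sample))
```

A reply that contains a known error substring is still downgraded to the generic message when it also carries a link, so a familiar phrase cannot be used to smuggle text into the dialog.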

On the issue, the Electrum GitHub repository also confirmed: “We did not publicly disclose this until now, as around the time of the 3.3.2 release, the attacker stopped; however they now started the attack again.”

The current scam popup and link looked like this:

Electrum has further alerted its users to download software only from electrum.org and not from GitHub.

It further said that wallet users should remain vigilant, as the hackers have persevered and adjusted their efforts over the last week, so new attacks are likely.

Electrum also tweeted about the issue:

