Since 21st of December, a hacker or group of hackers managed to earn 250 BTC (about $937, 000) by the attack launching against the Electrum bitcoin wallet. The hackers successfully steal such a big amount of money through creating a fake version of Electrum users’ device that urge users into download the updated version by fool them into providing password information.
Electrum also confirmed that and said that the attack happened due to a fake version of Wallet used by the hackers behind this.
“Our official website is https://electrum.org[.] Do not download Electrum from any other source,” the tweet continued.”
Attack initiated with fake version of the Wallet
According to a Reddit useru/normal_rc, the hacker/ group of hackers setup up a whole bunch of malicious servers.
“If someone’s Electrum Wallet connected to one of those servers, and tried to send a BTC transaction, they would see an official-looking message telling them to update their Electrum Wallet, along with a scam URL.”
Affected users report error messages while login into their wallet
Malicious servers caused error messages all the time while on transaction time. These messages suggested victims to download the wallet application update from the provided link to prevent potential dangers.
The malicious link is a GitHub storehouse that cannot be opened by clicking on it. The victims are urged to copy and paste the link to their browser and hence the fake Electrum Wallet activated. The victims then report that they are failing into login to their Wallet. After that the fake Wallet asked for providing their two factor authentication code- something that genuinely the Electrum does not request during login. And, then the hackers empty the Wallet balance.
One victim continued in another Reddit post, adding:
“I kept trying to send and kept getting an error code ‘max fee exceeded no more than 50 sat/B [satoshis per byte]’ I then restored my wallet on a separate pc and found that my balance had been transferred out in full[.]”
Users that haven’t updated the app are safe
If you update the fake version of t he Electrum app, soon your wallet becomes emptied. So, if you haven’t done that yet, do be curious and try to ignore updates, in fact, avoid using Electrum service till the further investigation. This is because, the SomberNight, one of the developers for the Electrum Wallet, has said, there is still a risk of continuous attacked on the platform.
“We did not publicly disclose this [attack] until now, as around the time of the 3.3.2 release, the attacker stopped. However they now started the attack again.”