Starting on December 21st, a group of attackers has been targeting the popular Electrum Bitcoin wallet and is estimated to have stolen up to 243.59 BTC (about $912,000 USD). The attack makes the Electrum wallet application pop up a message on the user's computer urging them to download a malicious "update" from an unauthorized GitHub repository.
There is an ongoing phishing attack against Electrum users. Our official website is https://t.co/aHiZIZH54e Do not download Electrum from any other source. More on the attack here: https://t.co/x5mPVspKfO — Electrum (@ElectrumWallet) December 27, 2018
As of today the attacks have stopped, at least for the time being, after GitHub admins took down the attacker's repository. Admins have warned Electrum wallet owners, however, to expect a new wave of attacks soon, pointing either to a new GitHub repository or to some other download location altogether.
The attacks were possible in the first place because of a weakness in the wallet itself: an Electrum server can trigger a popup containing custom text inside a user's wallet, and the client rendered that text as rich HTML. A malicious server could therefore answer a user's transaction with an "error" telling them to download the attacker's fake update. The fake client then prompted the user for their two-factor authentication code, and with that code the attackers emptied the wallet.
One of the many victims of this attack described their experience on Reddit:
“I have used electrum a lot, here is how this went down tonight. I log onto my electrum where I have about 1.4xx btc that I was trying to send. When I attempt to send I get a strange message that says “in order to send please update to the latest version here: https://github.com/electrum-project/electrum” now this link was weird for two reasons, first off it is not the official link from the electrum site and second it didn’t allow me to click it like normal links do/would. I had to copy/paste it into my browser window. I did that and proceeded to download the application here, when I logged on it immediately asked me for my 2 factor code which I thought was a little strange as well as Electrum usually only asks for that when you attempt to send. I kept trying to send and kept getting an error code “max fee exceeded no more than 50 sat/B” I then restored my wallet on a separate pc and found that my balance had been transferred out in full to this address: https://www.blockchain.com/btc/address/14MVEf1X4Qmrpxx6oASqzYzJQZUwwG7Fb5.”
Once news of the attacks reached the Electrum team, they responded by "silently updating" the Electrum wallet so that server messages like the attackers' are no longer rendered as rich HTML. The developers stated on GitHub that they have identified at least 33 malicious Electrum servers on the network, and estimate the real number to be around 40 to 50.
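To make the weakness and the fix concrete, here is an added example, not code from Electrum or from this article: a small Python simulation of a wallet client handling an error returned by a server, with the pre-fix rendering (server text handed to a rich-text dialog unchanged) beside a hardened handler that escapes the text, truncates it, and flags any link pointing somewhere other than the official site. The JSON-RPC response shape, the function names, the sample responses and the list of official hosts are assumptions made for the example.

```python
import html
import json
import re
from urllib.parse import urlparse

# Hosts an update notice may legitimately point to (assumption; the article
# only says "our official website").
OFFICIAL_HOSTS = {"electrum.org", "www.electrum.org"}

URL_RE = re.compile(r"https?://[^\s\"'<>]+")


def make_error_response(message: str, req_id: int = 1) -> str:
    """Build a JSON-RPC 2.0 error response the way a server would return it
    (the protocol shape is an assumption for this example)."""
    return json.dumps({"jsonrpc": "2.0", "id": req_id,
                       "error": {"code": 1, "message": message}})


# Constructed sample responses, modelled on the fake update notice quoted in
# the article; not real captured traffic.
MALICIOUS_RESPONSE = make_error_response(
    'In order to send please update to the latest version here: '
    '<a href="https://github.com/electrum-project/electrum">'
    'https://github.com/electrum-project/electrum</a>')
BENIGN_RESPONSE = make_error_response("insufficient funds")


def server_error_message(raw: str) -> str:
    """Extract the error text from a JSON-RPC response ("" if there is none)."""
    try:
        msg = json.loads(raw)
    except ValueError:
        return ""
    err = msg.get("error") if isinstance(msg, dict) else None
    if not isinstance(err, dict):
        return ""
    return str(err.get("message", ""))


def render_vulnerable(raw: str) -> str:
    """Pre-fix behaviour: the server's text is handed to a rich-text dialog
    unchanged, so any markup it contains (a clickable <a> link, bold text,
    an image) is interpreted rather than shown."""
    return server_error_message(raw)


def render_hardened(raw: str, limit: int = 300) -> str:
    """Post-fix behaviour: escape the text so markup is displayed literally
    (the dialog must also be told to treat it as plain text), and truncate it
    so a server cannot fill the dialog with a page of 'instructions'."""
    text = html.escape(server_error_message(raw), quote=True)
    if len(text) > limit:
        text = text[:limit] + "..."
    return text


def foreign_links(raw: str) -> list:
    """URLs in the server's error text whose host is not an official one.
    Escaping stops the link from being clickable, but the victim quoted in
    the article copy-pasted it anyway, so a client can use this as a
    tripwire to log or refuse to display such a message."""
    text = server_error_message(raw)
    return [url for url in URL_RE.findall(text)
            if (urlparse(url).hostname or "").lower() not in OFFICIAL_HOSTS]


if __name__ == "__main__":
    print("vulnerable dialog text:", render_vulnerable(MALICIOUS_RESPONSE))
    print("hardened dialog text:  ", render_hardened(MALICIOUS_RESPONSE))
    print("suspicious links:      ", foreign_links(MALICIOUS_RESPONSE))
```

Run as a script, the vulnerable path returns the raw `<a href=...>` markup, which a rich-text dialog would turn into a clickable link, while the hardened path returns the same text with `<`, `>` and `"` escaped and `foreign_links` reports the two github.com URLs. Escaping alone only removes the click; the tripwire is there because a plain-text URL still gets copy-pasted, as the Reddit report shows.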
Even during the holiday season attackers are on the prowl, spreading their malicious reach wherever they can. If you own an Electrum wallet, be careful with any update the application prompts you to install, and download Electrum only from the official website.
Have you been a target of these recent hacks?
Let us know your thoughts.