Bitcoin Wallet Malware Scam Targets Electrum Users And Garners Over 200BTC
An attack on the Electrum bitcoin wallet has so far netted hackers over 200 bitcoin worth around $750,000. The attack began on December 21, 2018. Though it has victimized some unsuspecting users, it can be avoided.
Electrum is a Bitcoin wallet which doesn’t require the user to download the full blockchain. Instead, servers remotely provide users with the blockchain and they access it through their wallet. It is one of the most popular Bitcoin wallet implementations and forks of it for both versions of Bitcoin Cash as well as Litecoin, Dogecoin, and Dash have been created over the years.
Malicious Servers Crucial To Scam Attack
Malicious servers were been added to the Electrum wallet network. When users attempted a bitcoin transaction which reached one of these illegitimate servers the user received a message within the wallet application instructing them to download and install an update. The message led unsuspecting uses to the hacker’s GitHub page.
The resulting download was actually malware disguised as a new version of the Electrum wallet. The installed malware then prompted users to enter their two-factor authentication codes. This allowed the attackers to then use the authentication codes and steal bitcoin by transferring funds to their own bitcoin address.
An Electrum developer posted details of the hack in the last 24 hours on Github sharing the following screenshot of the hackers first false message and link which they had managed to infiltrate into the Electrum user interface:
Electrum has since modified its software and released an update but, said SomberNight:
This is not a true fix, but the more proper fix of using error codes would entail upgrading the whole federated server ecosystem out there…
The Electrum Github repository detailing this issue also confirms that:
We did not publicly disclose this until now, as around the time of the 3.3.2 release, the attacker stopped; however they now started the attack again.
The latest malicious popup and link looked like this:
Reporting by ZDNet indicates Github admins have now removed the repository with the malicious wallet version.
That said, Electrum Wallet users should remain vigilant as the hackers have persevered and adjusted their efforts over the last week, so new attacks are likely.
Electrum has warned its users to only download software from electrum.org and not Github tweeting:
There is an ongoing phishing attack against Electrum users. Our official website is https://t.co/aHiZIZH54e Do not download Electrum from any other source. More on the attack here: https://t.co/x5mPVspKfO
— Electrum (@ElectrumWallet) December 27, 2018
Another red flag for users who unwittingly download the malware should be the request for two-factor authentication when starting the malware affected new wallet version. Two-factor authentication is only normally requested when making a transaction.
It’s not just Electrum wallet users that need to be vigilant, malware attacks on cryptocurrency users are increasing. Non-cryptocurrency users are at risk too, a McAfee report in the past few days also says that crypto mining malware incidences have risen 4,000% in 2018 alone.
Featured image from Shutterstock.