Electrum Faces Another Fake Wallet Attack, Users Reported to Lose Millions of Dollars

Published at: April 8, 2019

Bitcoin (BTC) wallet service Electrum is facing an ongoing Denial-of-Service (DoS) attack on its servers, the company reported on Twitter on April 7.

According to tech news website The Next Web, the new attack has caused users to lose estimatedly millions of dollars to date, with a single person alone reportedly losing about $140,000.

The ongoing DoS attack was allegedly launched by a malicious botnet of more than 140,000 machines, and aims to steal users’ Bitcoin by referring them to fake versions of Electrum software. Citing an unnamed security researcher, the article says that the recent DoS attack is deployed on a new level and was launched about a week ago.

According to The Next Web, the attackers have even implemented their own Electrum servers hosting compromised Electrum versions in order to realize the hack. After users sync their vulnerable Electrum wallet with a malicious server, they are directed to “update” their client with a hacked version, which eventually leads to an immediate loss of funds that were contained in the old versions, the report explains.

Thomas Voegtlin, lead Electrum developer, reportedly said that the firm expects to resolve the matter in the coming hours or days. He stressed that users that are at the highest risk are those who downloaded Electrum a long time ago and have not updated the software since then.

Accordingly, Electrum’s website says that the software versions older than 3.3 can no longer connect to public servers and must be upgraded, which is a measure to prevent user exposure to phishing messages. The website also urges users to not download Electrum software from any other source than electrum.org.

In the recent announcement on Twitter, Electrum recommended its users to disable the auto-connect option and select their server manually, while the company is working on a more robust version of the Electrum server in order to fix the issue.

In December 2018, Electrum faced a similar attack that led to a loss of about $937,000 worth in Bitcoin. As reported by Cointelegraph, the attack consisted of building a fake version of the wallet that tricks users into providing password information.

Recently, online video distribution giant YouTube was reported to erroneously run a malicious advertisement for Electrum wallet, which again contained a malware version of the software.

Last week, the World Economic Forum released a blockchain cybersecurity report claiming that most data breaches are caused rather by a lack of implemented security measures instead of an increased skill level of hackers.

Tags
Bitcoin
Cryptocurrencies
Hacks
Hackers
Related Posts
Bilaxy exchange suspends website after ERC-20 hot wallet hack
Bilaxy, a lesser-known cryptocurrency exchange, has confirmed a major hacking incident, reporting the losses of funds due to an exploit of the platform’s ERC-20 hot wallet. Bilaxy announced on its Telegram channel that the crypto exchange suffered a “serious hack” on Saturday between 6 pm and 7 pm UTC, resulting in the transfer of 295 different ERC-20 tokens. According to the exchange, the affected tokens were transferred by the hacker to a single address. At the time of writing, the tokens are valued at $170,600, with the most recent transaction sending out 50 Ether (ETH), or about $159,000, on Monday. …
Bitcoin / Aug. 30, 2021
Deadline for Mt. Gox trustee rehabilitation plan extended again
The trustee of the now-defunct Japanese cryptocurrency exchange Mt. Gox has obtained another approval to extend the deadline for submitting a rehabilitation plan. Following a motion by Mt. Gox rehabilitation trustee Nobuaki Kobayashi, the Tokyo District Court issued another order to extend the deadline until Dec. 15, 2020, according to an official announcement posted on the Mt. Gox website on Oct. 15. Similarly to previous statements on deadline extensions, the new announcement specifies that the rehabilitation trustee is still formulating the plan, but “there are matters that require closer examination,” so it “has become necessary to extend the submission deadline.” …
Bitcoin / Oct. 15, 2020
Bitfinex hackers move another $30M in stolen Bitcoin from 2016
Bitcoins (BTC) stolen from major cryptocurrency exchange Bitfinex back in 2016 are on the move again, as hackers shift another massive batch of funds to unknown wallets. According to data from crypto transaction tracking service Whale Alert, Bitfinex hackers moved more than $4.6 million in stolen BTC on Oct. 8. These funds were sent to unknown wallets in two separate transactions of 435 BTC and 8 BTC. But the hackers have moved far more than this amount earlier this week. According to Whale Alert, Bitfinex hackers completed seven more similar transactions on Oct. 7, totaling at 2,900 Bitcoin, or $26.4 …
Bitcoin / Oct. 8, 2020
Binance CEO Suggests Crypto Exchanges Are Safer Than Keeping One’s Keys
Changpeng Zhao, the co-founder and CEO of cryptocurrency exchange Binance, suggested that for most, keeping crypto assets on an exchange is safer than keeping the keys themselves. Zhao gave his comments in a tweet on Jan. 19 after famous crypto skeptic and gold bug Peter Schiff complained that he lost access to his Bitcoin (BTC). Invoking the phrase “SAFU” — a slanger term in the crypto community for “safe,” Zhao said: “Many hardcore crypto [organizations] advocate storing your own keys. But the truth is, today most people are not able to secure a key even from themselves (losing it). A …
Bitcoin / Jan. 20, 2020
FTX hacker dumps 50,000 ETH, still among top 40 Ether holders
The hacker behind the bankrupt cryptocurrency exchange FTX started transferring their Ether (ETH) holding to a new wallet address on Nov. 20. The FTX wallet drainer was the 27th largest ETH holder after the hack but dropped by 10 positions after the weekend ETH dump. The FTX hacker drained nearly $447 million out of multiple FTX global and FTX.US exchange wallets just hours after the crypto exchange filed for Chapter 11 bankruptcy on Nov. 11. Majority of the stolen funds were in ETH, making the exploiter the 27th largest ETH whale. On Nov.20, the FTX wallet drainer 1 transferred 50,000 …
Bitcoin / Nov. 21, 2022