Electrum Bitcoin wallet still plagued by known crypto phishing attack

Published at: Sept. 6, 2020

Two Electrum software wallet users have recently reported the loss of large sums of Bitcoin (BTC). One victim described the disappearance of 1,400 BTC, totaling $14,595,000 at press time, while another claimed 36.5 BTC, worth $380,512, as stolen. The events appear connected to a long-standing phishing scam affecting Electrum users since 2018. 

“Users need to be careful when dealing with their own keys, particularly when they are holding the keys to a wallet with a large amount of cryptocurrency as it makes them attractive to hackers,” Jason Lau, the chief operating officer of crypto exchange OKCoin, told Cointelegraph in response to the 1,400-BTC hack, adding:

“In this incident, it appears that a phishing attack led to the user installing an update that gave the hacker access to the private keys and the funds. Phishing scams are very common across all types of financial applications, and they continue to evolve in levels of sophistication.”

A search through the past

Initial news of a phishing scam impacting the Electrum wallet first hit headlines on Dec. 27, 2018, with nearly $1 million reported stolen. “The hacker setup a whole bunch of malicious servers,” said a Reddit user publicizing the hack.

Essentially, the hacker led users to a malicious webpage via the servers, prompting them to input private data, which, in turn, submitted control of their assets to the nefarious party behind the scheme. The scam also involved a fake wallet update that downloaded malware onto the victims’ devices, a separate Reddit post detailed.

At the time of Cointelegraph reporting in December 2018, the wallet address associated with the scam held 243 BTC. Viewing the address today reveals that 637.44 BTC visited and exited the now-empty wallet.

In the months after the Electrum phishing effort went public, wallet difficulties have continued, including a separate denial-of-service attack that looked very similar to the mentioned 2018 phishing con, also leading victims astray with phony software updates.

Decoding the $14.6-million Bitcoin heist

In recent weeks, two additional Electrum wallet users have reported their Bitcoin holdings as stolen. One of the wallet users reportedly suffered a 1,400 BTC loss. “I had 1,400 BTC in a wallet that I had not accessed since 2017,” the victim said in an Aug. 30, 2020, post on GitHub, adding:

“I foolishly installed the old version of the electrum wallet. My coins propagated. I attempted to transfer about 1 BTC however was unable to proceed. A pop-up displayed stating I was required to update my security prior to being able to transfer funds. I installed the update which immediately triggered the transfer of my entire balance to a scammers address.”

Blockchain tracking by Cointelegraph staff showed a likely link between the 1,400 BTC thief, or thieves, and a Binance exchange account, according to a specific transaction ID. The transaction ID, however, involved more than 75 different wallet addresses, a Binance representative told Cointelegraph.

The representative also stated difficulties and gray areas associated with tracking and pegging transactions to foul play due to the nature of crypto and the many parties transacting on a daily basis. “It should not be assumed that flows into a malicious cluster are from an individual/group associated with the campaign, especially if it is a cluster used for receiving funds directly from victims,” the representative added.

Referring to Cointelegraph’s initial reporting on the stolen 1,400 BTC, the representative said: “The account that is the centerpiece for this article was reviewed and no suspicious indicators were found.” Previous Cointelegraph reporting also tracked some of the stolen BTC to Russia, although potential VPN usage voided any definitive conclusion.

“Binance address is upstream of scammer, probably just another victim,” Electrum’s Twitter account posted on Sept. 1 in response to Cointelegraph’s reporting. The tweet also posited the attack as correlated to the 2018 phishing con, adding: “No need to involve Russian Hackers.”

“The peer-to-peer discovery system adopted by Electrum is a design choice to keep the system decentralized, but in this case, it played a part in enabling the hacker to broadcast a fake ‘update your software’ message,” Lau said of the 1,400-BTC hack, adding: “Users should always double-check the authenticity of any wallet client software and take extra vigilance in verifying the source of all updates.”

Revealing another 36.5-BTC theft

Shortly after the 1,400-BTC robbery went public, another GitHubber responded to the discussion thread with a similar case they suffered two months prior, as a malicious actor reportedly looted 36.5 BTC from the wallet. Known as Cryptbtcaly on GitHub, the victim tracked the stolen funds to five separate addresses after the heist. “Some of the stolen Bitcoin went to Binance, but they ignore my appeals and do not return,” Cryptbtcaly said on GitHub.

One controversial point in the recent Electrum hacks was that victims were storing large amounts of funds on a software wallet. A guide from online educational source BitDegree noted software wallets carry the risk of malware and keylogging attacks: “They aren’t as secure as hardware wallets, but they are more convenient to use. This makes them perfect for day to day spending but not ideal for storing large sums of money for a long period of time.”

Related: Ledger CTO discusses wallet’s safety after multiple security setbacks

General industry best practices often steer users toward hardware wallets, such as those provided by Ledger or Trezor. Both companies recently also faced various challenges, although hardware wallets still seemingly appear as the preferred method of crypto storage, all things considered.

Tags
Related Posts
Another Electrum user is claiming that their coins were stolen
Details of a previous Electrum wallet hack surfaced following the massive 1,400 Bitcoin (BTC) theft that hit headlines a few days ago. "I had a similar situation 2 months ago," a Github user named Cryptbtcaly posted on the social media platform on Aug. 31. The user claimed someone pilfered 36.5 BTC from one of their wallet addresses. The BTC reportedly ended up spread across five different addresses. "Some of the stolen Bitcoin went to Binance, but they ignore my appeals and do not return," cryptbtcaly added. Details of a larger hack surfaced on Aug. 30, when a different Githubber reported …
Bitcoin / Sept. 1, 2020
Hacker behind 1,400 BTC Electrum wallet theft transacted on Binance
On Aug. 30, a Github user made a post about losing 1,400 Bitcoin (BTC) via an elaborate hack that affected his Electrum wallet. On-chain analysis indicates that the hackers had a Binance account and that some of the transactions used to move the stolen coins may have originated in St. Petersburg, Russia. However, It is important to note that conclusions afforded by on-chain research are generally more probabilistic than deterministic. On-chain analysis of the hack. Source: Cointelegraph, Crystal Blockchain. Even so, there is no clarity on how the attack was perpetrated, as Electrum's software is considered to be secure if …
Bitcoin / Sept. 1, 2020
Over 10,000 blacklisted BTC from 2016 Bitfinex hack on the move
A tranche of long-dormant Bitcoin seized in the 2016 hack of the Bitfinex cryptocurrency exchange are on the move today, an over $620 million sum that has some market participants spooked and may be contributing to a downward slide for Bitcoin. Blockchain analytics bot Whale Alerts was the first to raise the alarm, calling attention to a series of over five dozen transactions from wallets that have largely been inactive since the 2016 hack: ⚠ ⚠ ⚠ ⚠ ⚠ ⚠ ⚠ 1,241.37 #BTC (78,246,494 USD) of stolen funds transferred from Bitfinex Hack 2016 to unknown wallethttps://t.co/yLsJDXUBvE — Whale Alert (@whale_alert) …
Bitcoin / April 14, 2021
Electrum Bitcoin Wallet to Support Lightning Network in Next Release
The next release of major Bitcoin (BTC) wallet software Electrum will support off-chain scalability solution Lightning Network (LN). The Electrum official Twitter account announced the upcoming LN integration in a tweet sent on Oct. 14. The tweet announced: “The next release of Electrum will support Lightning payments. Our lightning node implementation has been merged into Electrum's master branch.” Electrum also confirmed that the wallet will employ a new implementation developed in-house, written in Python. High hopes for Lightning Network Lightning Network is believed by many Bitcoin proponents to be the solution to the network’s scalability limitations. Recently, the chief strategy …
Bitcoin / Oct. 14, 2019
BitPay’s Copay Wallet Compromised by Malicious Code, Firm Issues Advice for Users
Crypto payment processor BitPay issued advice on its official blog yesterday, Nov. 26, for users of its open-source Bitcoin (BTC) wallet Copay, which has reportedly been compromised by malicious code. The vulnerability pertains to a third-party Node.js module, also known as an “event stream,” which is used in versions 5.0.2 through 5.1.0 of BitPay’s Copay and BitPay apps. According to a GitHub issue report, this module was modified to load malware that is capable of stealing users’ private keys. BitPay’s post states that the BitPay app was not vulnerable to the malicious code, but that its team is investigating whether …
Bitcoin / Nov. 27, 2018