The famous Electrum Wallet was hacked. It is not known whether there was only one person or group of people who organized the phishing attack on the wallet’s accounts. 202 BTC were stolen!
Electrum Wallet Got Hacked!
Known as one of the most popular cryptocurrency wallets for Bitcoin storage, Electrum Wallet got hacked. Users were tricked into installing a so-called new version of the wallet software so that their funds could be stolen. The hacker or hackers managed to steal 202 BTC (about $731,000).
According to ZDNet, the hacker or group of hackers made some changes to Electrum wallet’s network, managing to add tens of fraudulent servers. As a result, users were shown an unwarranted error message asking them to install an updated wallet from a specified malicious GitHub address.
Users who followed the steps shown in the message and downloaded the "updated" wallet actually installed an infected version of the Electrum wallet. This version additionally asked users for their 2FA code, which the hacker then used to send money to his/her personal addresses.
The bug that made the attack possible is, according to the news outlet, in Electrum’s original server, which made it possible to trigger popups containing “custom text” directly within the users’ wallets. The attack started on December 21 and ended after GitHub admins solved the problem.
The Attack Could Continue in the Future …
Even if the situation has been resolved, Electrum Wallet’s admins are worried that the attack could start again in the future as soon as the hacker finds a new location for his/her fraudulent files.
“We did not publicly disclose this [attack] until now, as around the time of the 3.3.2 release, the attacker stopped. However they now started the attack again,” claimed SomberNight, a developer at Electrum.
According to data, the hack was more successful in the early days, as the hacker was able to send users messages that seemed authentic. Once Electrum’s admins made some changes to the wallet in response to attack reports, the abovementioned messages began to look false and misleading.
The developers behind the Electrum Wallet are now working on removing the ability to send users personalized messages and on showing a preset message instead. Experts have found 33 malicious servers installed within the Electrum network, but many think there are more.
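The preset-message approach described above, as an added example that is not Electrum's own code: the client shows only a fixed string, and the server's text goes to a log with URLs removed and lure indicators flagged. The function name, the JSON-RPC-style reply shape, the heuristics and the sample replies are all assumptions constructed for illustration.

```python
import json
import re

# Fixed text shown to the user; server-supplied text is never displayed.
PRESET_MESSAGE = "The server returned an error while broadcasting the transaction."

# Constructed heuristics for spotting a lure in server-supplied text.
URL_RE = re.compile(r"(?i)\b(?:https?://|www\.)\S+")
LURE_RE = re.compile(r"(?i)\b(?:update|upgrade|download|install|new version)\b")
MARKUP_RE = re.compile(r"<[^>]+>")

# Constructed sample replies (hypothetical server output, not captured traffic).
SAMPLE_LURE = json.dumps({"id": 1, "error": {"code": 1, "message":
    "<b>Error</b>: please update. Download the new version at "
    "https://example.invalid/release"}})
SAMPLE_BENIGN = json.dumps({"id": 2, "error": {"code": 1, "message":
    "the transaction was rejected by network rules"}})


def handle_server_error(raw_response: str) -> dict:
    """Turn an untrusted error reply into safe UI text plus a log record."""
    try:
        error = json.loads(raw_response).get("error") or {}
    except (ValueError, AttributeError):
        error = {}  # malformed reply: treat as an error with no text
    text = str(error.get("message", "")) if isinstance(error, dict) else str(error)

    reasons = []
    if URL_RE.search(text):
        reasons.append("contains-url")
    if LURE_RE.search(text):
        reasons.append("update-lure")
    if MARKUP_RE.search(text):
        reasons.append("markup")

    # Log copy only: strip control characters, defang URLs, cap the length.
    log_text = "".join(c for c in text if c.isprintable())
    log_text = URL_RE.sub("[url removed]", log_text)[:200]

    return {"display": PRESET_MESSAGE, "log": log_text,
            "suspicious": bool(reasons), "reasons": reasons}


if __name__ == "__main__":
    for sample in (SAMPLE_LURE, SAMPLE_BENIGN, "not json"):
        print(handle_server_error(sample))
```

The `suspicious` flag is useful for deciding whether to stop using a server; the displayed text is the same either way.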