Nexo

Start Earning Up to 16% Interest Automatically

Learn More
Home » Analysis » Hackers Siphon Bitcoin In Electrum Wallet Attack

Hackers Siphon Bitcoin In Electrum Wallet Attack

by
Cyber pickpockets target electrum wallet

Share this article

If you’ve been buying the dip, you may want to brush up on good security. Crypto wallets are being targeted by cybercriminals, most recently with a phishing attack on the popular Electrum software wallet. Based on blockchain data, at least 200 BTC, worth nearly $730,000, have already been sent to the attacker’s bitcoin address.

While the wallet software itself appears to be secure, the hackers are using dummy nodes to imitate Electrum servers, which then send falsified error messages when users attempt a transaction.

Electrum is aware that it is being targeted, and the company has warned that “there is an ongoing phishing attack against Electrum users,” reminding them of the official website address and urging them not to download the wallet from any other source. It’s not the only attack currently unfolding, and desktop wallet Exodus is similarly warning its users of a“clone website just waiting to steal your crypto presents.”

The attack on Electrum has the social media community on high alert, sharing screenshots of the fake security update like the one below. And, according to an Electrum developer on Github, the attack is not over:

“The attacker has spawned lots of servers on different /16 IPv4s to increase his chances of being connected to. The error messages are trying to get the user to download and install malware (disguised as updated versions of electrum).”

Electrum Phishing Attack Had Warning Signs

Redditors detailed the painful unfoldings of the scam, which started by initiating a send transaction from an Electrum wallet. According to Reddit user, appropriately nicknamed /u/MyElectrumGotHacked, a pop-up rich-text error message appeared, warning: “In order to send please update to the latest version here,” followed by a fake GitHub address.

Electrum users have fallen victim to the scam.
Via Twitter.

Needless to say, a legitimate app from the Appstore or Google Play does need to be updated through Github.

There were other red flags, including having to copy and paste the URL into a browser window. Victims were then prompted to download an application and  to complete two-factor authentication, which is not the norm for these transactions. In the end, the user logged into their account from a separate computer only to discover that their bitcoin balance had been wiped out.

The phishing scams thrust user security into the spotlight and ignited a debate about reasonable security measures that the average user can be expected to use. Exodus, a desktop wallet that is also under attack, recommends “storing large sums of funds on a hardware wallet like Ledger or Trezor.”

As crypto makes its way into the mainstream, there is clearly more work to be done in awareness, cybersecurity, or both.

The author is invested in digital assets, including bitcoin which is mentioned in this article.

Join the conversation on Telegram and Twitter!

Share this article

The information on or accessed through this website is obtained from independent sources we believe to be accurate and reliable, but Decentral Media, Inc. makes no representation or warranty as to the timeliness, completeness, or accuracy of any information on or accessed through this website. Decentral Media, Inc. is not an investment advisor. We do not give personalized investment advice or other financial advice. The information on this website is subject to change without notice. Some or all of the information on this website may become outdated, or it may be or become incomplete or inaccurate. We may, but are not obligated to, update any outdated, incomplete, or inaccurate information.

Crypto Briefing may augment articles with AI-generated content created by Crypto Briefing’s own proprietary AI platform. We use AI as a tool to deliver fast, valuable and actionable information without losing the insight - and oversight - of experienced crypto natives. All AI augmented content is carefully reviewed, including for factural accuracy, by our editors and writers, and always draws from multiple primary and secondary sources when available to create our stories and articles.

You should never make an investment decision on an ICO, IEO, or other investment based on the information on this website, and you should never interpret or otherwise rely on any of the information on this website as investment advice. We strongly recommend that you consult a licensed investment advisor or other qualified financial professional if you are seeking investment advice on an ICO, IEO, or other investment. We do not accept compensation in any form for analyzing or reporting on any ICO, IEO, cryptocurrency, currency, tokenized sales, securities, or commodities.

See full terms and conditions.