- The attack started on Friday, December 21, 2018
- Hackers duped users into installing a fake wallet update
- Electrum Wallet has faced serious problems for a while now
Hackers have stolen over 200 Bitcoin ($800,000) via a clever hack of the Electrum Bitcoin wallet. The attackers seem to have spawned several servers and installed malware disguised as an update to the wallet.
Legitimate wallets compromised
News spread quickly through the crypto community today that a hacker or group of hackers had attacked the Electrum Bitcoin wallet’s infrastructure: genuine Electrum wallet apps displayed messages on users’ computers advising them to download a malicious wallet update from an unauthorized GitHub repository.
According to the report, the attack is thought to have started on Friday, December 21, 2018, but may have ceased after GitHub’s administrators took down the hackers’ repository. The attackers nonetheless appear to have tricked many users during the initial wave, because the wallet displayed the server messages as rich formatted text, producing pop-ups that looked authentic and contained ready-to-click links.
After news of the ongoing attack surfaced, the development team released an update to the Electrum wallet app so that server messages no longer appear as rich HTML text. A developer on the wallet team going by the name SomberNight said:
“We did not publicly disclose this [attack] until now, as around the time of the 3.3.2 release, the attacker stopped, […] however they now started the attack again.”
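The defensive principle behind that change, as an added illustration rather than Electrum’s own code: error text returned by an untrusted server is input, not UI, so it is shown as plain text with nothing clickable. The JSON-RPC-style reply below and its placeholder domain are constructed for the example.

```python
import html
import json
import re

# Constructed sample reply: what an untrusted server could return to a wallet's
# transaction-broadcast request. Not a real capture; the domain is a placeholder.
SAMPLE_REPLY = json.dumps({
    "jsonrpc": "2.0", "id": 7,
    "error": {"code": -1, "message": (
        '<b>Security update required!</b> Visit '
        '<a href="https://example.invalid/update">this page</a> now')},
})

URL_RE = re.compile(r"""https?://[^\s"'<>]+""", re.IGNORECASE)
CTRL_RE = re.compile(r"[\x00-\x1f\x7f]")
MAX_LEN = 200  # assumed cap: a genuine error message is short


def extract_message(reply: str) -> str:
    """Pull the error text out of a reply without trusting its shape."""
    try:
        msg = json.loads(reply)["error"]["message"]
    except (ValueError, KeyError, TypeError):
        return "(unreadable error from server)"
    return msg if isinstance(msg, str) else repr(msg)


def render_unsafe(reply: str) -> str:
    """Pre-fix pattern: the server's text goes straight to a rich-text widget,
    so tags render and links become clickable."""
    return extract_message(reply)


def render_safe(reply: str) -> str:
    """Hardened pattern: defang links, drop control characters, truncate,
    escape markup, and label where the text came from."""
    text = extract_message(reply)
    text = URL_RE.sub("[link removed]", text)  # nothing clickable survives
    text = CTRL_RE.sub(" ", text)              # no widget or terminal tricks
    if len(text) > MAX_LEN:
        text = text[:MAX_LEN] + "..."
    # Escaped text is displayed literally even by a rich-text widget.
    return "Server reported: " + html.escape(text)
```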
Not Electrum’s first incident
Users of the Electrum Bitcoin wallet have faced serious hacking incidents now and again. Motherboard disclosed in a January 8, 2018 article that the wallet’s developers had left some vulnerabilities unresolved many months after they were reported. According to that report, the unpatched security vulnerabilities could have given hackers access to users’ prized Bitcoins for as long as two years before that date.
In May 2018 the team warned its users that an app called Electrum Pro might be a counterfeit platform: it cloned Electrum’s branding and ran a website on a dot-com domain, while the official website is on a dot-org domain. The team tweeted on May 8, 2018 that they had evidence Electrum Pro was a malicious copycat that appeared to infect users with malware capable of stealing their private keys.
As per the report, the Electrum development team has identified some 33 malicious Electrum servers, though the total number is suspected to be between 40 and 50. The team is also working round the clock to disable the servers’ ability to send customized error messages.