Market Cap:
$276.3B
BTC Dominance:
68.71%
btc:
$10625.74
eth:
$193.40
xrp:
$0.27
Advertise
Announcements

Phishing Attack on Electrum Wallet Leads to 200+ Bitcoin Stolen

Sanmi Adeagbo | Dec. 28, 2018
Phishing Attack on Electrum Wallet Leads to 200+ Bitcoin Stolen

A hacker (or a group of hackers) has successfully stolen over 200 Bitcoin which is worth $750,000 (as of today's price) after it used a clever attack on the infrastructure of Electronum Bitcoin wallet.

December 28, 2018 | AtoZ Markets -The Electrum Bitcoin wallet has been attacked and over 200 Bitcoin has been stolen after the attacker(s) lunched a malicious wallet app with an unauthorized Github repository. This is according to ZDNET . The hacker(s) has made over $750,000 from this activity. The attack started when users saw a legitimate Electrum wallet app displaying a message on their computer screens, urging them to download a malicious wallet update. The attack started last Friday, 21st December and appears to have been temporarily halted today by Github admins.

How The Attack Was Carried Out

In order to acquire users' Bitcoin, the attackers added several malicious servers to the Electrum wallet network. When the users of Electrum wallet initiate a Bitcoin transaction, it reaches one of the malicious servers and an error message is displayed which then ask them to download a wallet app update. The wallet app update was linked to a malicious website. When the users launch the updated malicious app, it asks them for a two-factor authentication (2FA) code. When the 2FA code is provided, the malicious server installed in the app would transfer the users' fund into the attacker's Bitcoin addresses.

How Electrum Has Reacted So Far

When Electrum noticed this, it quickly changed these server messages from rich-formatted texts to less legitimate plain text. Github eventually deleted the malicious repository from its system. The admins of Electrum expect a new attack to commence, with either a new Github repository or another download location. Users are still vulnerable to this attack until the admins of the wallet can successfully render the attack unusable for the attacker. These malicious servers still remain on the Electrum system - at least 33 of them have been identified by Electrum developers.

Think we missed something? Please share with us in the comment box below.

Disclaimer: The views and opinions expressed in this article are solely those of the author and do not reflect the official policy or position of AtoZ Markets.com, nor should they be attributed to AtoZMarkets.