Electrum Wallet Phishing Attack Nets Hackers $900K in Bitcoin
HomeCryptocurrency NewsBitcoinist.com

Electrum Wallet Phishing Attack Nets Hackers $900K in Bitcoin

Hackers managed to steal close to $900,000 worth of Bitcoin from Electrum wallet users via a phishing attack. While the attacks seem to hav...

PLAAK: How a Pre-ICO Launch Generated Almost $1 Million In 10 Days
Coincheck Shows Relief As Regulator Orders ‘Improvements’ After Hack
Misleading Tales of Terror about Tether

Hackers managed to steal close to $900,000 worth of Bitcoin from Electrum wallet users via a phishing attack. While the attacks seem to have come to a halt, Electrum Devs say the hackers can launch new exploits since the issue hasn’t been permanently fixed.


Fake Electrum Wallet ‘Update’ Phishing Attack

The news of the attack first appeared on GitHub via one of Electrum’s developers code-named SomberNight. Starting on Friday (Dec. 21, 2018), hackers began tricking Electrum wallet users into downloading an update, which turned out to be from a malicious source.

The hackers uploaded a bunch of malicious serves to the main network of the Electrum wallet. Once a user initiates a BTC transaction that reaches one of these servers, an error message pops up. This error message tries to trick them into downloading a fake Electrum wallet app.

If the user falls victim and downloads the malicious wallet, a message asking for two-factor authentication (2FA) shows up. This occurrence is unusual given that 2FA only comes into play when transferring BTC not when starting up the wallet. Once the user gives up their 2FA code, the hackers can siphon all the Bitcoin in the wallet.

As at press time, the hackers seem to have consolidated their loot into one BTC address which holds about 243 BTC (over $890,000).

Similar Attacks Will Likely Continue

CasaHodl CTO Jameson Lopp, a veteran software developer, explained that users who connect to their Electrum server were unaffected in the hack.

“A sybil + malware attack is ongoing against Electrum Wallet users,” he cautioned on Twitter.

If you see a message asking you to upgrade, don’t click on it! Users who only connect to their own personal Electrum server are unaffected.

Several comments on Reddit also back up Lopp’s statements saying that those running full nodes have no reason to worry.

Update ONLY From the Offical Electrum Website

Meanwhile, the Electrum Devs are urging users not to download any update from a source apart from the official website. Responding to the attacks, the project team updated the wallet app with a new upgrade that prevents the rendering of rich HTML text.

Commenting on this effort, SomberNight said:

We did not publicly disclose this until now, as around the time of the 3.3.2 release, the attacker stopped; however, they now started the attack again.

A more permanent solution would be to eliminate the ability to send customized error messages. This would prevent hackers from being able to send error codes that the wallet can decode into a message advising a specific action.

Without taking such steps, the hackers can continue the phishing attack. With a new download link, they can continue the attacks seeing as the project team says there are about 50 malicious servers.

Phishing attacks are one of the many means used by cybercriminals to steal cryptocurrency. In September, Bitcoinst reported on the use of fake websites in Singapore to steal credit card information.

Do you think the Electrum Devs will be able to find a lasting solution to this new phishing hack? Please share your thoughts with us in the comments below.


Image courtesy of GitHub and Twitter (@lopp).

The post Electrum Wallet Phishing Attack Nets Hackers $900K in Bitcoin appeared first on Bitcoinist.com.



from Bitcoinist.com http://bit.ly/2GHQQH9
Name

Bitcoin News,5117,Bitcoinist.com,4741,Cryptocurrencies,4741,Cryptocurrencies Latest News,5117,Cryptocurrency Latest News,4741,Cryptocurrency News,9858,
ltr
item
Cryptocurrency Latest News: Electrum Wallet Phishing Attack Nets Hackers $900K in Bitcoin
Electrum Wallet Phishing Attack Nets Hackers $900K in Bitcoin
https://bitcoinist.com/wp-content/uploads/2018/12/shutterstock_449461888-640x400.jpg
Cryptocurrency Latest News
http://cryptocurrencylatest.blogspot.com/2018/12/electrum-wallet-phishing-attack-nets.html
http://cryptocurrencylatest.blogspot.com/
http://cryptocurrencylatest.blogspot.com/
http://cryptocurrencylatest.blogspot.com/2018/12/electrum-wallet-phishing-attack-nets.html
true
1236144943044321696
UTF-8
Loaded All Posts Not found any posts VIEW ALL Readmore Reply Cancel reply Delete By Home PAGES POSTS View All RECOMMENDED FOR YOU LABEL ARCHIVE SEARCH ALL POSTS Not found any post match with your request Back Home Sunday Monday Tuesday Wednesday Thursday Friday Saturday Sun Mon Tue Wed Thu Fri Sat January February March April May June July August September October November December Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec just now 1 minute ago $$1$$ minutes ago 1 hour ago $$1$$ hours ago Yesterday $$1$$ days ago $$1$$ weeks ago more than 5 weeks ago Followers Follow THIS CONTENT IS PREMIUM Please share to unlock Copy All Code Select All Code All codes were copied to your clipboard Can not copy the codes / texts, please press [CTRL]+[C] (or CMD+C with Mac) to copy