200+ Bitcoin Stolen From Electrum Wallet Users Via Hack
December 28, 2018 12:11 AM
The hacker used a malicious update to steal users’ funds.
Another attack has hit the cryptospace – this time, the target was the Electrum Bitcoin Wallet. The hacker, or hackers, got away with over 200 Bitcoin (around $718,000 as of press) by urging wallet users to download and install a malicious software update, according to business technology news outlet ZDNet. The hack began last Friday, December 21, and has been temporarily halted by GitHub administrators as of today.
To acquire users’ bitcoin, the attacker added several malicious servers to Electrum’s network. If an initiated bitcoin transaction reached one of these servers, it would respond with an error message prompting the user to follow a GitHub link to download an update. After download, the updated app would request a two-factor authentication code, which, if provided, would allow the malicious software to transfer the user’s funds into the attacker’s Bitcoin addresses.
Some users even manually copy-and-pasted the link provided in the error message and downloaded the malicious update via that route.
Although GitHub eventually removed the offending repository, the Electrum team silently responded to the hack beforehand by updating the app so that the fake messages would no longer appear as formatted text, which looks more legitimate than plain text. An Electrum developer, known as SomberNight, said the team did not publicly disclose the attack until today because the hacker had apparently stopped.
However, Electrum anticipates another attack to occur using either a different GitHub repository or another download location. The malicious servers also remain on the Electrum network – in fact, Electrum developers have identified at least 33 of them. The team has not disclosed what it intends to do about these servers.
Dani Putney is a full-time writer for ETHNews. He received his bachelor’s degree in English writing from the University of Nevada, Reno, where he also studied journalism and queer theory. In his free time, he writes poetry, plays the piano, and fangirls over fictional characters. He lives with his partner, three dogs, and two cats in the middle of nowhere, Nevada.
ETHNews is committed to its Editorial Policy
Like what you read? Follow us on Twitter @ETHNews_ to receive the latest Electrum Bitcoin Wallet, SomberNight or other Ethereum wallets and exchanges news.
