Phisher targets Electrum Wallet – and runs off with nearly $1 million in bitcoin

Nearly $1 million has been stolen so far…

A phishing attack against the Electrum crypto wallet has seen an unknown attacker make off with over $900,000 in bitcoin.

Reddit users first identified the attack on 27 December, reporting that a total of 200 BTC (around $780,000) had been stolen from Electrum customers. According to user u/normal, the attacker operates through several “malicious servers” that encourage Electrum users to visit a URL to ‘update to the latest version’.

“If someone’s Electrum Wallet connected to one of those servers, and tried to send a BTC transaction, they would see an official-looking message telling them to update their Electrum Wallet, along with a scam URL,” they said.

The report was quickly corroborated by other users, who posted evidence of the attack on Blockchain.com. Redditor MYELECTRUMGOTHACKED describes the dodgy update message below.

“[…] first off it is not the official link from the electrum site and second it didn’t allow me to click it like normal links do/would. I had to copy/paste it into my browser window. I did that and proceeded to download the application here, when I logged on it immediately asked me for my 2 factor code which I thought was a little strange as well as Electrum usually only asks for that when you attempt to send.”

After several attempts to send ended in an error code stating the maximum fee had been exceeded, the user restored their wallet on another PC to discover their entire balance had been transferred to this address.

So far, about 245 BTC has been accumulated there. That’s over $950,000.

Electrum confirmed the attack shortly after and tweeted yesterday that they had released a 3.3.2 upgrade to help mitigate the phishing attack. However, they stated that the better fix of using error codes would “entail upgrading the whole federated server ecosystem.”
