Electrum faces another fake wallet attack, users report losing millions of dollars

3 min read

Bitcoin (BTC) wallet service Electrum is confronted with a continuous Denial-of-Service (DoS) attack on its servers, the company reported on Twitter on April 7.

According to the technical news website The Next Web, the new attack has caused users to lose an estimated millions of dollars so far, with a single person reportedly losing around $ 140,000.

The ongoing DoS attack is reportedly triggered by a malicious botnet of more than 140,000 machines and aims to steal Bitcoin from users by referring them to fake versions of Electrum software. Referring to an unnamed security investigator, the article says the recent DoS attack has been implemented at a new level and launched about a week ago.

According to The Next Web, the attackers have even implemented their own Electrum servers that host hacked Electrum versions to realize the hack. After users synchronize their vulnerable Electrum wallet with a malicious server, they are instructed to "update" their client with a hacked version, which ultimately leads to an immediate loss of money in the old versions, the report explains .

Thomas Voegtlin, lead Electrum developer, reportedly said the company expects to resolve the matter in the coming hours or days. He emphasized that those at highest risk are those who downloaded Electrum a long time ago and have not updated the software since.

That is why the Electrum website says that software versions older than 3.3 can no longer connect to public servers and must be upgraded, which is a measure to prevent users from being exposed to phishing messages. The website also encourages users not to download Electrum software from a source other than electrum.org.

In the recent announcement on Twitter, Electrum advised its users to disable the auto-connect option and select their server manually, while the company is working on a more robust version of the Electrum server to resolve the problem.

In December 2018, Electrum was confronted with a similar attack that led to a loss of approximately $ 937,000 in Bitcoin. As reported by Cointelegraph, the attack consisted of building a fake version of the wallet to train users in providing password information.

It was recently reported that the online video distribution giant YouTube erroneously ran a malicious advertisement for the Electrum wallet, which again contained a malware version of the software.

Last week, the World Economic Forum released a blockchain cyber security report, claiming that most data breaches are more likely to be caused by a lack of implemented security measures rather than an increased level of hacker skill.

http://platform.twitter.com/widgets.js window.fbAsyncInit = function() { FB.init({ appId : ‘1922752334671725’, xfbml : true, version : ‘v2.9’ }); FB.AppEvents.logPageView(); }; (function(d, s, id){ var js, fjs = d.getElementsByTagName(s)(0); if (d.getElementById(id)) {return;} js = d.createElement(s); js.id = id; js.src = “http://connect.facebook.net/en_US/sdk.js”; js.async = true; fjs.parentNode.insertBefore(js, fjs); }(document, ‘script’, ‘facebook-jssdk’)); !function(f,b,e,v,n,t,s) {if(f.fbq)return;n=f.fbq=function(){n.callMethod? n.callMethod.apply(n,arguments):n.queue.push(arguments)}; if(!f._fbq)f._fbq=n;n.push=n;n.loaded=!0;n.version=’2.0′; n.queue=();t=b.createElement(e);t.async=!0; t.src=v;s=b.getElementsByTagName(e)(0); s.parentNode.insertBefore(t,s)}(window,document,’script’, ‘https://connect.facebook.net/en_US/fbevents.js’); fbq(‘init’, ‘1922752334671725’); fbq(‘track’, ‘PageView’);

Written by

Don Bradman

Leave a Reply

Your email address will not be published. Required fields are marked *