The last week of 2018 was not good for Electrum Wallet users. An internet hacker or a group of hackers added multiple malicious servers to the Electrum network and later forced the users to download a harmful programme. Up to 250 worth of BTC was stolen.
Unfortunately, hacking attacks on virtual wallets do happen, despite all of the security measures and authorisation. Usually, the malicious acts are based on some kind of harmful software that is downloaded into the crypto holders’ computers. This time, the victims of such attack were the users of a popular cryptocurrency wallet – Electrum.
The course of events
Before the actual attack, the hackers had been sneakily adding new servers to the original Electrum network. They were a kind of a beacon – if a transaction was redirected to such a server, the user would get a notification about an error. Then, if the user wanted to complete the transaction, he had to download a supposed “update” of the Wallet application. He could do it via a link prepared by the hackers.
Of course, the update was actually malicious software that collected private data of the user, such as the two-factor authentication (2FA) code. Later, the money from the user’s accounts was transferred to hacker’s wallets. Up to 250 BTC (around 900,000 USD at today’s exchange rate) have been stolen that way.
The Electrum developers, immediately after detecting the attack, published a series of warning tweets. They also updated the application of the wallet to avoid further thefts. The Electrum team again reminded the users to not download any apps or updates from the unknown sources.
There is an ongoing phishing attack against Electrum users. Our official website is https://t.co/aHiZIZH54e Do not download Electrum from any other source. More on the attack here: https://t.co/x5mPVspKfO
— Electrum (@ElectrumWallet) 27 grudnia 2018