Study: Hackers Stole 1,980 Bitcoins via Fake Electrum Wallet Update

Criminals stole more than $23 million in bitcoin from users via a fake Electrum wallet update, researchers at ZDNet found.

They tracked several accounts to which the attackers moved the bitcoins stolen in 2019–2020. They hold 1980 BTC — $23.15 million at the time of writing.

Most of this sum was obtained in a single incident, when in August stole 1400 BTC from one of the Electrum users.

In all cases victims received a prompt to update the wallet via a pop-up message. After updating, the funds were immediately transferred to the attackers’ address.

The method works because Electrum wallets connect to the Bitcoin blockchain through a network of their own ElectrumX servers when conducting transactions.

Source: ZDNet.

Fraudsters set up malicious ElectrumX servers and wait for a wallet to connect to them randomly.

After that it prompts the user for a one-time password needed to send funds. Most users enter the requested code, assuming they are using the official Electrum version, thereby authorising the transfer of assets.

The scheme has operated since 2018, during which the attackers stole another 202 BTC. Since then, the Electrum team has taken a number of steps to prevent attacks, including a blacklist system for ElectrumX servers and an update that prevents displaying HTML pop-ups to end users. But attackers continue to find loopholes, researchers noted.

Earlier in April last year, Electrum users lost $4.6 million in bitcoins due to a large DoS attack.

Follow ForkLog news on Telegram: ForkLog Feed — the full news feed, ForkLog — the most important news and polls.