
Cybercriminals are reportedly tricking owners of Electrum wallets into installing malware so they can steal user funds, according to a ZDNet report. So far, more than $22 million has been stolen per the outlet’s investigation. 

The scam involves sending fake updates to wallet owners. This tactic was first noticed in December 2018. Since then, thieves have reused the attack pattern in multiple campaigns over the past years, with some attacks taking place as recently as last month. 

How it works

The heist begins when users of the Electrum crypto wallet app receive an unexpected update request via a pop-up message. They update their wallet, then discover that the funds contained within were stolen and sent to the attacker’s BTC account.

This attack method works because of the inner workings of the Electrum wallet app and its backend infrastructure.

Developers designed Electrum wallets to connect to the BTC blockchain to process any transactions. It connects through a network of Electrum servers known as ElectrumX. 

While some crypto wallet services control who can manage these servers, Electrum is an open ecosystem where everyone can set up an ElectrumX gateway server. Since 2018, the bad actors have been abusing this system to spin up malicious servers and wait for unsuspecting users to connect to their systems randomly.

Once this happens, the attackers instruct the server to show a pop-up on the user’s screen, directing the victim to a URL where they download and install what looks like an Electrum wallet update. The download is hosted on lookalike domains impersonating the official Electrum website or its GitHub repositories.

If users follow the URL without confirming that it points to electrum.org, they end up unwittingly installing a malicious version of the Electrum wallet.

The next time the user opens the wallet, it will uncharacteristically ask for a one-time passcode (OTP). A genuine wallet only requests the code before sending funds, never at startup. If users enter the requested code without thinking, they have given the malicious wallet the approval it needs to transfer all of their funds to an attacker’s account.

The report tracked down multiple crypto accounts where thieves have allegedly gathered stolen funds from the heist they carried out. These wallets hold 1,980 BTC, roughly $22 million in fiat currency. A significant portion of those funds appears to have been stolen during one event in August, when one unlucky victim reported losing 1,400 BTC (~$15.8 million) after updating an Electrum wallet.

The Electrum team has taken several steps to mitigate this attack. They implemented a server blacklisting system for ElectrumX servers to keep malicious additions out of the network. They also shipped an update that stops servers from showing HTML-formatted pop-ups to end users.

Nonetheless, a malicious server can still slip through the cracks, and the attack still works against those who manage their funds with older versions of the Electrum wallet app.
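The two mitigations described above (refusing HTML-formatted server messages and trusting only the official download domain) can be expressed as a small client-side check. This is an added illustration, not Electrum’s own code; the allowlisted hosts, the GitHub path prefix and the sample notices are assumptions constructed for the demo.

```python
import html
import re
from urllib.parse import urlparse

# Hosts a genuine update notice may point at. Assumption for this example:
# the page names only electrum.org and the project's GitHub repositories.
OFFICIAL_HOSTS = {"electrum.org", "www.electrum.org", "github.com"}
GITHUB_PROJECT_PREFIX = "/spesmilo/electrum"  # assumed project path

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)
TAG_RE = re.compile(r"<[^>]+>")


def contains_html(message: str) -> bool:
    """True if a server-pushed message carries HTML tags or entities."""
    return bool(TAG_RE.search(message)) or html.unescape(message) != message


def is_official_url(url: str) -> bool:
    """Exact host match over HTTPS only. Lookalikes such as
    'electrum-update.org' or 'electrum.org.mirror.test' fail because the
    hostname is compared whole, not by prefix or substring."""
    parsed = urlparse(url)
    if parsed.scheme.lower() != "https":
        return False
    host = (parsed.hostname or "").lower()
    if host not in OFFICIAL_HOSTS:
        return False
    if host == "github.com" and not parsed.path.lower().startswith(GITHUB_PROJECT_PREFIX):
        return False
    return True


def vet_server_message(message: str) -> dict:
    """Classify a notice received from an ElectrumX server: block it if it is
    HTML-formatted or links anywhere other than the official hosts."""
    reasons = []
    if contains_html(message):
        reasons.append("html-formatted message")
    urls = URL_RE.findall(message)
    reasons += [f"non-official url: {u}" for u in urls if not is_official_url(u)]
    return {"verdict": "block" if reasons else "allow", "urls": urls, "reasons": reasons}


# Constructed sample notices for the demo (not real captured traffic).
SAMPLES = {
    "lookalike": "<b>Security update required!</b> Get it: https://electrum-update.org/dl",
    "subdomain_trick": "Update now: https://electrum.org.updates-mirror.test/electrum.exe",
    "plain_official": "New release available at https://electrum.org/#download",
}

if __name__ == "__main__":
    for name, msg in SAMPLES.items():
        print(name, vet_server_message(msg))
```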

Follow CoinGeek’s Crypto Crime Cartel series, which delves into the stream of groups—from BitMEX to Binance, Bitcoin.com, Blockstream and Ethereum—who have co-opted the digital asset revolution and turned the industry into a minefield for naïve (and even experienced) players in the market.
