Electrum calls out copycat site Electrum Pro for ‘bitcoin-stealing malware’

Getting your Trinity Audio player ready...

The well-regarded BTC wallet service Electrum has revealed that hackers have cloned their service, setting up a copycat site designed to scam unsuspecting users out of their cryptocurrency.

Electrum, which operates its official website on the domain electrum.org, noticed a rival service known as ‘Electrum Pro’, with its website at electrum.com. Furthermore, Electrum Pro is advertising on Google AdWords, in an apparent attempt to divert traffic from the legitimate wallet service.

Long considered one of the most user-friendly and secure wallets, with compatibility for hardware including Trezor and Ledger, the team behind the service now claim scammers are effectively running malware designed to steal BTC from the domain.

Their concern is that any wallets created on the electrum.com domain are now compromised, further undermining confidence in BTC and potentially cryptocurrencies as a whole.

Having identified the suspected malware, the Electrum team outlined their findings on Github, reflecting the relevant code for stealing recovery seeds, and passing the required information to the scammers. This enables the hackers to take control of user wallets, and any of the funds contained within them, according to the Electrum team.

The incident is not the first time hackers have attempted to copy Electrum and pass off as the legitimate platform, but comes as the first instance of a hacker being able to use the .com domain.

The .com website is also difficult to detect as a scam, with only subtle differences from the legitimate Electrum site, and the claim that Electrum Pro is a fork from the original. The Linux version of the wallet remains uncompromised, with only Windows and OS X versions containing the malicious code.

Electrum has advised anyone who has recently installed their platform to double check they’ve installed the correct, legitimate version, available only from Electrum.org. There are also plans to create an official app, available for download from the Mac App Store, as a means of circumventing similar attacks in future.

Nevertheless, the development is only the latest of many hacking attempts revolving around BTC.

Earlier this week, a research report documented findings from a year-long study that showed anywhere from between 3-10x the malicious activity on the BTC blockchain as the public Internet, with BTC dubbed ‘3x more evil than the Internet’.