Electrum Wallet users are being targeted by elaborate phishing attacks that seek only to steal the funds stored in their wallets.

Recently, an Electrum wallet user reported on GitHub that he had been the victim of a phishing attack in which he lost 1,400 BTC, worth more than $14.3 million at the cryptocurrency's price as of the date of this publication. Although this is a very unfortunate case, other users have also fallen victim to these attacks.

According to the victims' statements, the attacks rely on a fake update that the wallet prompts for when the user tries to make a transaction. Two of the most affected victims, “1400 Bitcoin Stolen”, who lost 1,400 BTC, and “Cryptobtcaly”, who lost 36.5 BTC, stated that when they tried to make a transfer the software displayed a pop-up window requesting a security update before the transaction could continue. The victims also claim that as soon as they installed the supposed Electrum security update, the wallet immediately sent all of its funds to an unknown Bitcoin address that evidently belongs to the attacker.

For their part, several researchers state that phishing attacks on Electrum wallets have been dogging users since 2018, the year the wallet suffered the first of these attacks, which robbed a user of 246 BTC. Since then, several similar incidents have arisen from users downloading a version of the wallet from a source other than electrum.org.


How did the attack occur?

In the GitHub thread, “1400 Bitcoin Stolen” declares that:

“I foolishly installed the old version of the electrum wallet. My coins spread. I tried to transfer about 1 BTC, but couldn't continue. A pop-up window appears stating that I needed to update my wallet before I could transfer funds. I installed the update which immediately triggered the transfer of my entire balance to a scammer's address.”

After the incident, the user contacted the blockchain analytics company Coinfirm so that its investigators could track the stolen funds and the address to which they were sent. So far, the firm's researchers indicate that the hacker holds an account on Binance and that the recorded activity traces back to Saint Petersburg, Russia, although the hacker may be using a VPN to hide his location. The exchange's CEO, Changpeng Zhao, added the addresses involved in the hack to a blacklist in order to track any withdrawal of the funds.

The risk of running "your own servers"

One of the participants in the GitHub discussion, who goes by the pseudonym “gits7s”, argues that the problem with Electrum is not a security vulnerability in the wallet itself, which is considered one of the most secure light wallets on the market, but rather that it allows users to run their own servers or use servers that seem trustworthy. According to “gits7s” and several other participants, if users download an Electrum update from a source other than the wallet's official website (electrum.org), they may install the update together with a backdoor that lets hackers access and steal their funds.

“This is because unlike other light wallets, Electrum decided to not just have a few encrypted servers that will be responsible for the privacy of all users and act as a single point of failure, but instead allows users to run their own servers or use servers they trust.”

Continuing in the GitHub thread, “gits7s” asserts that Electrum has no exploitable security flaws or open vulnerabilities and that the wallets cannot be controlled remotely, so a hacker cannot cause a loss of funds without the user's own action. Given this, “gits7s” recommends that users download Electrum and its updates only from the original source, and also verify that they are running a version of the wallet with no known vulnerabilities, that their build is signed, and that it is authentic.
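The recommendation above (download only from the official source and verify that the build is signed and authentic) comes down to one concrete check: a detached signature over the downloaded file, validated against a developer fingerprint obtained out of band. The following shell script is an added example written for this page, not Electrum's release tooling or anything from the GitHub thread. It constructs a throwaway release key and an unrelated "attacker" key in a temporary GNUPGHOME, signs a stand-in build, and shows that the check accepts the genuine file but rejects both a tampered copy and a "security update" that carries a perfectly good signature from the wrong key. All file names, key identities and the pinned fingerprint are constructed for the demo; for a real project the pinned fingerprint is copied from the project's official site, never from the download itself.

```shell
#!/bin/sh
# Added demonstration, not Electrum's own release tooling: accept a build only
# when its detached GPG signature is valid AND was made by a pinned fingerprint.
# Every key and file below is constructed on the fly in a throwaway GNUPGHOME.
set -eu

WORK=$(mktemp -d)
export GNUPGHOME="$WORK/gnupg"
mkdir -m 700 -p "$GNUPGHOME"
trap 'gpgconf --kill gpg-agent 2>/dev/null || true; rm -rf "$WORK"' EXIT

# Non-interactive, passphrase-less key generation for the two constructed parties;
# prints the new key's primary fingerprint.
gen_key() {
    gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
        --quick-generate-key "$1" ed25519 sign 0 2>/dev/null
    gpg --batch --with-colons --list-keys "$1" | awk -F: '/^fpr:/ { print $10; exit }'
}
RELEASE_FPR=$(gen_key 'Release Signer (demo) <release@example.invalid>')
ATTACKER_FPR=$(gen_key 'Attacker (demo) <attacker@example.invalid>')

# What a user would have copied from the project's official site (here: the
# constructed release key), kept separate from anything that was downloaded.
PINNED_FPR="$RELEASE_FPR"

sign_file() {  # $1 = signer fingerprint, $2 = file; writes $2.asc
    gpg --batch --yes --quiet --local-user "$1" --armor --detach-sign \
        --output "$2.asc" "$2" 2>/dev/null
}

# verify_release FILE SIG -> 0 only if SIG is a good signature over FILE made by
# PINNED_FPR. gpg's own "Good signature" verdict is not enough: any key present
# in the keyring, an attacker's included, would produce one.
verify_release() {
    gpg --batch --status-fd 1 --verify "$2" "$1" 2>/dev/null \
        | grep -q "^\[GNUPG:\] VALIDSIG $PINNED_FPR "
}

# Constructed stand-ins: a genuine build, a tampered copy that still carries the
# genuine signature, and a "security update" signed by someone else entirely.
printf 'genuine build bytes\n' > "$WORK/electrum-demo.tar.gz"
sign_file "$RELEASE_FPR" "$WORK/electrum-demo.tar.gz"

cp "$WORK/electrum-demo.tar.gz" "$WORK/tampered.tar.gz"
cp "$WORK/electrum-demo.tar.gz.asc" "$WORK/tampered.tar.gz.asc"
printf 'backdoor\n' >> "$WORK/tampered.tar.gz"

printf 'fake security update\n' > "$WORK/update.tar.gz"
sign_file "$ATTACKER_FPR" "$WORK/update.tar.gz"

check() {  # one human-readable verdict per file
    if verify_release "$1" "$1.asc"; then echo "ACCEPT  $1"; else echo "REJECT  $1"; fi
}
check "$WORK/electrum-demo.tar.gz"   # accepted: good signature, pinned key
check "$WORK/tampered.tar.gz"        # rejected: signature no longer matches the bytes
check "$WORK/update.tar.gz"          # rejected: good signature, but not the pinned key
```

Requires GnuPG 2.1 or later (ed25519 keys and loopback pinentry). The check matches gpg's `VALIDSIG` status line against the pinned fingerprint rather than relying on the exit status, because gpg reports a good signature for any key it knows; the attacker-signed "update" is exactly the case that distinction catches.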

For his part, Jason Lau, Director of Operations at OKCoin, recommends that users who store large amounts of cryptocurrency in this type of wallet be very careful when downloading updates and managing their own keys, since these users are the most attractive targets for hackers. Lau also states that the hacks suffered by “1400 Bitcoin Stolen” and “Cryptobtcaly” are phishing scams that gave hackers access to the victims' private keys and funds through the supposed update.
