In a recent attack on the Electrum Bitcoin wallet, a hacker or group of hackers stole over 200 Bitcoins. At current market prices, those Bitcoins are worth over $750,000.
The attack began on 21 December, when users of the Electrum wallet app started receiving a message telling them to download a wallet update from an unauthorized GitHub repository. The hackers set up multiple malicious servers, and when Electrum users connected to one of them to use their wallets, they received an official-looking message asking them to download the latest version of the wallet.
The first user to notice the message found the link strange for two reasons. First, it was not the official link from the Electrum site, and second, he was not able to click on it: users had to copy and paste the link into their browser, which was unusual. According to an Electrum user,
“If someone’s Electrum Wallet connected to one of those servers, and tried to send a BTC transaction, they would see an official-looking message telling them to update their Electrum Wallet, along with a scam URL.”
Electrum confirmed that the attackers created a fake version of the wallet to fool users into providing their password. Users affected by the hack were not able to log in to their wallets after entering a two-factor authentication code; in fact, Electrum never asks for a two-factor authentication code during login. Once the hackers had the password, they emptied the wallet. A victim said that,
“When I logged on it immediately asked me for my 2-factor code which I thought was a little strange as well as Electrum usually only asks for that when you attempt to send. I kept trying to send and kept getting an error code ‘max fee exceeded no more than 50 sat/B’. I then restored my wallet on a separate pc and found that my balance had been transferred out in full.”
Electrum is a Bitcoin wallet that lets users operate a wallet without downloading the full blockchain: Electrum servers provide the blockchain data remotely, and users access it through the wallet client. It is one of the most popular Bitcoin wallet implementations. After the attack, Electrum modified its software and released an update. According to Electrum, this is not a true fix; in a second stage it will implement a proper fix using error codes instead of server-supplied messages. Yesterday, GitHub admins took down the hacker's GitHub repository.
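The error-code approach Electrum describes, as an added illustration that is not Electrum's own code: a simplified wallet client receives a JSON-RPC error from a server. The unsafe variant displays whatever text the server sent, which is the channel the rogue servers abused; the safe variant displays only client-owned text selected by the numeric code, and a small check flags any server message carrying a URL. The response payloads, code numbers and message wording are constructed for the example.

```python
# Added example (not Electrum's code): why a wallet client should never render
# server-supplied error text. A malicious server can return an official-looking
# message containing a URL; mapping numeric error codes to client-owned strings
# removes that channel entirely.
import json
import re

# Constructed sample of the kind of JSON-RPC error a rogue server could return
# (wording and URL are illustrative, not the actual message used in the attack).
ROGUE_RESPONSE = json.dumps({
    "id": 7, "jsonrpc": "2.0",
    "error": {"code": 1, "message": "Your wallet version is outdated. "
                                     "Update at https://example.invalid/update"}
})
# Constructed sample of a legitimate error from a well-behaved server.
HONEST_RESPONSE = json.dumps({
    "id": 8, "jsonrpc": "2.0",
    "error": {"code": 2, "message": "max fee exceeded"}
})

# Client-owned texts: the only strings the UI will ever display for a server error.
ERROR_TEXT = {
    1: "The server rejected the transaction (invalid transaction).",
    2: "The server rejected the transaction (fee too high).",
}
URL_RE = re.compile(r"https?://|www\.", re.IGNORECASE)

def render_error_unsafe(raw: str) -> str:
    """Vulnerable pattern: show whatever text the server sent, URL included."""
    return json.loads(raw)["error"]["message"]

def render_error_safe(raw: str) -> str:
    """Hardened pattern: trust only the numeric code; never display server text."""
    err = json.loads(raw).get("error", {})
    code = err.get("code")
    return ERROR_TEXT.get(code, "The server returned an unknown error.")

def looks_like_phishing(raw: str) -> bool:
    """Detection helper: flag any server error text that carries a URL."""
    msg = str(json.loads(raw).get("error", {}).get("message", ""))
    return bool(URL_RE.search(msg))

if __name__ == "__main__":
    print("unsafe: ", render_error_unsafe(ROGUE_RESPONSE))
    print("safe:   ", render_error_safe(ROGUE_RESPONSE))
    print("flagged:", looks_like_phishing(ROGUE_RESPONSE))
```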
Electrum has warned its users to download the software only from the official Electrum website and from no other source. Electrum has also asked users not to enter their two-factor authentication code at login, because it is only required when making a transaction.