Electrum Wallet Attack May Have Stolen As Much as 245 Bitcoin

Bitcoin Electrum Wallet Attacked Hacker Steals 200 BTC

Bitcoin Electrum Wallet Attacked Hacker Steals 200 BTC

According to emerging reports, the popular Bitcoin wallet software Electrum has been attacked costing those affected over $750,000 worth of Bitcoin.

The app, which closely resembled its bonafide counterpart, was exposed as a vector of attack that malicious individuals can exploit, stealing Bitcoin private keys in the process.

The news of the attack first appeared on GitHub via one of Electrum's developers code-named SomberNight. The attack reportedly began on December 21, and stopped after GitHub admins took down the attackers' repository.

To acquire users' bitcoin, the attacker added several malicious servers to Electrum's network.

Some users even manually copy-and-pasted the link provided in the error message and downloaded the malicious update via that route. After downloading the app, the user logged back in again, and the system asked them for their 2-factor authentication (Electrum normally only asks this when a user is attempting to send funds to a recipient). This occurrence is unusual given that 2FA only comes into play when transferring BTC not when starting up the wallet. This code would then be used to make a legitimate transaction to the attacker's wallet.

The user made multiple attempts to send their BTC, and each time would get an error message saying, "max fee exceeded no more than 50 sat/B".

Electrum Wallet Attack May Have Stolen As Much as 245 Bitcoin

CasaHodl CTO Jameson Lopp, a veteran software developer, explained that users who connect to their Electrum server were unaffected in the hack.

"A sybil + malware attack is ongoing against Electrum Wallet users", he cautioned on Twitter. For now, GitHub admin have removed the fraudulent repo but there are concerns that the same scam could be repeated using a link to a different repository or alternative download source.

After receiving news of attacks, the Electrum team responded by silently updating the Electrum wallet app, so these messages don't render as rich HTML text anymore.

"We did not publicly disclose this [attack] until now, as around the time of the 3.3.2 release, the attacker stopped..."

A more permanent solution would be to eliminate the ability to send customized error messages. This would prevent hackers from being able to send error codes that the wallet can decode into a message advising a specific action. Other reports indicate that the attack garnered 250+ BTC for hackers, but these numbers haven't been confirmed.

Despite the slowdown, Electrum's admins believe the attack will continue in the near future, as soon as the attacker gets a new download location for its malicious files. In September, Bitcoinst reported on the use of fake websites in Singapore to steal credit card information.

Michael Cohen Speaks Out After Bombshell Prague Report: ‘Mueller Knows Everything!’
Notably, Cohen did not admit to lying to Congress when he denied claims made in the dossier. However, Cohen, who has turned decisively against Trump, still insists he wasn't in Prague.

Recommended News

  • Instagram gets rid of scrolling - by accident

    Instagram gets rid of scrolling - by accident

    Facebook has subsequently gone on record to say that the update wasn't meant to be rolled out globally to all Instagram users . There is no option in the settings part of the app to change the feed back to the original one either.
    Central bank is United States  economy’s ‘only problem’

    Central bank is United States economy’s ‘only problem’

    Opinions are the authors; not necessarily that of OANDA Corporation or any of its affiliates, subsidiaries, officers or directors. He said the executives assured him their banks are healthy and have "ample liquidity" to lend to consumers and businesses.
    Unai Emery admits Arsenal are unlikely to make any January signings

    Unai Emery admits Arsenal are unlikely to make any January signings

    Tottenham's loss in their last visit to Arsenal is the only time they have tasted defeat in 11 games. However, Emery urged his side to react positively against their neighbours: "We need to improve".
  • Relatives of the Guatemalan boy who died in CBP custody speak out

    Relatives of the Guatemalan boy who died in CBP custody speak out

    In the past three weeks, two Guatemalan children have died after they were detained with their fathers after crossing the border. With no medical professional on duty at that time, agents chose to transfer both the boy and his father back to the hospital.
    Australia v India: Cheteshwar Pujara and Virat Kohli cause Australia problems

    Australia v India: Cheteshwar Pujara and Virat Kohli cause Australia problems

    Bumrah trapped Shaun Marsh lbw with a textbook slower ball to end Friday's morning session then made a mess of Head's stumps. Usman Khawaja (21) fell to this ploy, caught at short leg, as Australia slipped further to 53 for 3 in the 20th over.
    CES 2019: Samsung Rumored to Show off ‘Sound on Display’ OLED Panels

    CES 2019: Samsung Rumored to Show off ‘Sound on Display’ OLED Panels

    The tool aims to allow creators to record and edit at the same time, using AI to add visual and sound effects to recorded videos. Prismit is an AI-based news app that shows news articles of the same topic automatically aligned in the form of a timeline.
  • How to Watch Pinstripe Bowl: Miami vs

    How to Watch Pinstripe Bowl: Miami vs

    Rosier replaces N'Kosi Perry, who started the past three games, including victories over Virginia Tech and Pittsburgh. Duke (8-5), which entered the game having lost two in a row, held Temple without a point in the final 34 minutes.
    College Football Star Skipping His Team’s Bowl Game

    College Football Star Skipping His Team’s Bowl Game

    However, the Jim Thorpe Award-winning cornerback was not at practice last Friday after flying home to Miami. If Georgia had defeated the Tide, it would likely have earned a spot in the College Football Playoff.
    Blue sky at night lights up social media in NY

    Blue sky at night lights up social media in NY

    People immediately took to social media to post images of the sky across the city illuminated by an eerie blue-green light. Meanwhile, the power cut hit New York's LaGuardia Airport, which warned travellers to be prepared for delays.
  • Nationwide internet outage affects CenturyLink

    Residential customers have also tweeted some harsh words, mostly about the lack of updates and customer service from CenturyLink. Rather than using digital devices, they had to take notes with pencil and paper, according to the Greeley Tribune .
    Miley Cyrus Poses With Her Famous Parents in New Wedding Photos

    Miley Cyrus Poses With Her Famous Parents in New Wedding Photos

    On Wednesday, Miley posted two sweet photos from the private ceremony on Instagram and Twitter , confirming her and Hemsworth's new union .
    Seth Rogen Shocks Twitter When He Makes A Mind-Blowing ‘Home Alone’ Discovery

    Seth Rogen Shocks Twitter When He Makes A Mind-Blowing ‘Home Alone’ Discovery

    Then, Spider-Man: Into the Spider-Verse codirector Rodney Rothman chimed in: "I didn't know it until you just said this". Rogen, in turn, tweeted: "Sorry dude".

We are pleased to provide this opportunity to share information, experiences and observations about what's in the news.
Some of the comments may be reprinted elsewhere in the site or in the newspaper.
Thank you for taking the time to offer your thoughts.