Behind the scenes: how Electrum hackers stole $4 million with Bitcoin phishing attacks

2021-08-09

Following earlier news (April 9) that the Bitcoin wallet Electrum had been hit by a botnet DoS attack, analysis from Devi Security Lab said the attackers used a botnet of more than 140,000 computers to attack Electrum's nodes while simultaneously deploying malicious nodes of their own. When a user connects to one of these malicious nodes and sends a transaction from an older version of Electrum, the user is prompted to update to a backdoored client. If the user installs that client as prompted, the private key is stolen and all digital assets are lost. According to Electrum officials, millions of dollars of digital currency have been stolen.

Users of the Bitcoin wallet Electrum are currently facing phishing attacks, according to Devi Security Lab. Through malicious servers, the hackers broadcast messages to Electrum clients prompting users to update to v4.0.0; if the user installs this backdoored client, the private key is stolen along with all digital assets. At the time of writing, at least 1,450 BTC (figures reported by one user, the anti-malware firm Malwarebytes and Electrum) had been stolen in phishing attacks that faked Electrum upgrade prompts, worth approximately $11.6 million in total. Note that Electrum versions below 3.3.4 are vulnerable to this phishing attack. Electrum wallet users are asked to update to the latest version, Electrum 3.3.8 (which at that time had not yet been officially released), only via the official website (electrum.org), and never through links in the prompts, to avoid losing their assets.

A new version of the Electrum wallet, v0.18.16, was released.

According to SlowMist Zone, the phishing attack using fake Electrum upgrade prompts has stolen at least 200 BTC. Upgrading Electrum alone cannot prevent this attack; the surrounding ecosystem of services has to change as well, because the Electrum client is not a full node, and attackers can also deploy malicious servers that the client talks to for transaction broadcasting and message exchange. SlowMist Zone reminds users that phishing attacks like the Electrum one require long-term vigilance. SlowMist Zone had previously issued an alert about fake Electrum updates: the attackers abused Electrum's own software to construct unusual malicious software-update prompts that induce users to download and install the malware.

So far, counterfeits have been found of wallets such as Ledger, Trezor, Jaxx, Electrum, MyEtherWallet, MetaMask, Exodus and KeepKey. The test cryptocurrency Denley sent has not yet been withdrawn, suggesting that the hackers either have to empty the wallets manually or are only interested in larger balances.

The cyberattack on Electrum wallets allowed hackers to steal nearly $1 million worth of BTC.

Electrum Cash.


Earlier this month, Electrum detected a DoS attack on its network, allegedly launched by a malicious botnet of more than 140,000 machines and aimed at pushing a malicious Electrum client to users.

Denley found counterfeit extensions for wallet applications from different companies such as Ledger, Jaxx, Electrum, MetaMask and Exodus. He also revealed that the hackers may not be as skilled as people think: the theft often does not happen immediately, which suggests they have not worked out how to automate it and have to access each wallet separately.

electrum hackers


Qtum Electrum keeps its Electrum-related code updated in sync with upstream.

Recently, Microstable Online's monitoring found that a group of foreign hackers has, since 2015, been registering domain names such as adtool.tech, jam-software.xyz, robomirror.xyz and electrum-wallet that imitate host-management tools and Bitcoin wallet websites, and using them to spread software bundled with a backdoor. Once users download tools such as adtool, robomirror or electrum from these sites, the host's cryptocurrency-related data is sent back to the hackers' C&C server.

When Electrum wallets synchronize with malicious servers, they are instructed to "update" to clients provided by the hackers, resulting in the loss of the assets held in the older version. Previously, in December 2018, Electrum.

Electrum upgrade.


Hackers have compromised Electrum wallets and so far stolen 200 BTC from users.

Electrum is a popular software wallet that works by connecting to dedicated servers. These servers receive a hash of each Bitcoin address in the wallet and reply with the corresponding transaction information. Electrum wallets are fast and use few resources, but because the wallet connects to these servers by default, the server operators can easily monitor users. Besides Electrum itself, some other software uses the public Electrum servers. As of 2019, it is a faster and better alternative to BIP37.

Electrum 0.18.8 is available; details are on GitHub.

According to information posted on social media on December 27, Electrum's wallet was hacked and nearly 250 bitcoins ($937,000) were maliciously stolen, Cointelegraph reported. Electrum later confirmed that the attack involved creating a fake version of the wallet and tricking users into providing their password. Reddit user u/normal_rc reported that the hackers had set up a large number of malicious servers. Electrum responded on Twitter the same day that "this is a persistent phishing attack against Electrum users" and urged users to verify the authenticity of the resources they connect to.

It is not hard to run your own Electrum server and point your wallet at it exclusively. This restores Electrum to the same privacy and security properties as a full node: no one else can see which addresses or transactions the wallet is interested in. Electrum then effectively becomes a full-node wallet.

Electrum's official Twitter account announced that the next version of Electrum will support Lightning Network payments. Its Lightning node implementation has been merged into Electrum's main branch. Electrum also confirmed that the wallet will use a new in-house implementation written in Python.

Electrum is one of the most popular Bitcoin wallets and has been around for several years. However, Electrum users usually rely on public Electrum servers, which brings some security and privacy trade-offs. With Electrum Personal Server, wallet users can connect locally to their own private server, enjoying the convenience of Electrum without those trade-offs.