An Electrum user claims to have lost 1,400 BTC ($16,302,020 at the time of writing) by downloading an old version of the popular software wallet that is running on malicious servers.
Whoever was responsible for allegedly stealing a cryptocurrency fortune made the transaction on Aug. 29, paying $36.89 in fees.
Binance CEO Changpeng Zhao says that his exchange has already blacklisted the address.
Bad actors take over Electrum servers
The Electrum hack made plenty of headlines in early 2019 when bad actors launched an army of botnets to target the wallet’s network.
They successfully performed a Sybil attack by crowding out legitimate servers with malicious ones.
At one point, nearly 71 percent of all nodes were controlled by the attackers, and users received fake error messages telling them to download malware-infected wallet software camouflaged as a security update.
The hackers were able to steal seed data and upload it to a remote server, according to Malwarebytes Labs:
“In addition to the theft of wallet data, any balance present in the wallet is sent to one of several pre-programmed public addresses under control of the attackers. The destination address chosen is dependent on the address format utilized by the infected users’ Electrum wallet.”
In an upgraded version of their software, the attackers even went as far as disabling Replace-by-Fee (RBF) transactions, which can be reversed before miners confirm a block.
Don’t ignore software upgrades
Back then, Electrum developer Thomas Voegtlin urged all users to update their software, but it appears that not everyone heeded his words.
All versions of the wallet that are older than 3.3.4 are vulnerable to such phishing attacks.
“Electrum wallet users need to update the software to the latest version (3.3.4) from the official repository and be particularly careful with update or other warning messages that could be disguised phishing attempts.”