Electrum User Claims to Have Lost $16,000,000 Worth of Bitcoin to Hacker Because of One Fatal Mistake

Sun, 08/30/2020 - 18:45
Alex Dovbnya
A Bitcoin user claims to have lost 1,400 BTC after downloading an old version of the Electrum wallet

An Electrum user claims to have lost 1,400 BTC ($16,302,020 at the time of writing) by downloading an old version of the popular software wallet, which connected to malicious servers.

Whoever was responsible for allegedly stealing a cryptocurrency fortune made the transaction on Aug. 29, paying $36.89 in fees.

Binance CEO Changpeng Zhao says that his exchange has already blacklisted the address. 

Bad actors take over Electrum servers  

The Electrum hack made plenty of headlines in early 2019 when bad actors launched an army of botnets to target the wallet’s network.

They successfully performed a Sybil attack by crowding out legitimate servers with malicious ones.    

At one point, nearly 71 percent of all nodes were controlled by the attackers, and users received fake error messages prompting them to download malware-infected wallet software camouflaged as a security update.

The hackers were able to steal seed data and upload it to a remote server, according to Malwarebytes Labs:

“In addition to the theft of wallet data, any balance present in the wallet is sent to one of several pre-programmed public addresses under control of the attackers. The destination address chosen is dependent on the address format utilized by the infected users’ Electrum wallet.”

In an upgraded version of their software, they even went as far as disabling Replace-by-Fee (RBF) transactions, which can be reversed before miners confirm a block.

Don’t ignore software upgrades 

Back then, Electrum developer Thomas Voegtlin urged all users to update their software, but it appears that not everyone heeded his words.

All versions of the wallet that are older than 3.3.4 are vulnerable to such phishing attacks.    

“Electrum wallet users need to update the software to the latest version (3.3.4) from the official repository and be particularly careful with update or other warning messages that could be disguised phishing attempts.”
