Main navigation

Electrum User Claims to Have Lost $16,000,000 Worth of Bitcoin to Hacker Because of One Fatal Mistake

Advertisement
Sun, 30/08/2020 - 18:45
Electrum User Claims to Have Lost $16,000,000 Worth of Bitcoin to Hacker Because of One Fatal Mistake
Cover image via www.123rf.com
Read U.TODAY on
Google News
Advertisement

An Electrum user claims to have lost 1,400 BTC ($16,302,020 at the time of writing) by downloading an old version of the popular software wallet that is running on malicious servers.

Whoever was responsible for allegedly stealing a cryptocurrency fortune made the transaction on Aug. 29, paying $36.89 in fees.

Article image
image by blockchain.com

Binance CEO Changpeng Zhao says that his exchange has already blacklisted the address. 

Bad actors take over Electrum servers  

The Electrum hack made plenty of headlines in early 2019 when bad actors launched an army of botnets to target the wallet’s network.

They successfully performed a Sybil attack by crowding out legitimate servers with malicious ones.    

Advertisement

At one point, nearly 71 percent of all nodes were controlled by the attackers, with users receiving fake error messages that require downloading malware-infected wallet software camouflaged as a security update. 

Article image
image by portswigger.net

The hackers were able to steal seed data and upload it to a remote server, according to Malwarebytes Labs:

“In addition to the theft of wallet data, any balance present in the wallet is sent to one of several pre-programmed public addresses under control of the attackers. The destination address chosen is dependent on the address format utilized by the infected users’ Electrum wallet.”

In an upgraded version of their software, they even went as far as disabling Replace-by-Fee (RBF) transactions that can be reversed before miners confirm a block.

Related

Don’t ignore software upgrades 

Back then, Electrum developer Thomas Voegtlin urged all users to update their software but it appears that not everyone paid heed to his words.   

All versions of the wallet that are older than 3.3.4 are vulnerable to such phishing attacks.    

“Electrum wallet users need to update the software to the latest version (3.3.4) from the official repository and be particularly careful with update or other warning messages that could be disguised phishing attempts.”

Related articles

Advertisement
TopCryptoNewsinYourMailbox
TopCryptoNewsinYourMailbox
Advertisement
Advertisement

Recommended articles

Latest Press Releases

Our social media
There's a lot to see there, too

Popular articles

Advertisement
AD