Hackers steal Bitcoin worth $750,000 by hacking Electrum wallets

This year we have seen an unprecedented rise in malware attacks against cryptocurrency wallets whereas cryptomining incidents have increased by 4,000%, reports McAfee. The latest attack on well-known Bitcoin wallet Electrum further proves that malware attacks on crypto wallets are indeed on a rise.

According to reports, Electrum Bitcoin wallet has been attacked and hackers have stolen over 200 bitcoin, which is equivalent to $750,000. Reportedly, the attack started on 21st Dec, 2018 and a pre-existing vulnerability is responsible for letting the attackers compromise Electrum’s security.

The vulnerability enabled the Electrum servers to generate random popups in custom text and using fake Electrum servers the hackers were able to display these popups on the screens of unsuspecting users. Users were encouraged to download an emergency software update.

Screenshot of the pop-up

For your information, Electrum is a Bitcoin wallet that’s different from other wallets as users don’t need to download the full blockchain and instead the wallet’s servers remotely offer them blockchain, which users access via their wallet.

During the attack, malicious servers were added to the network of the wallet and when users tried to carry out a Bitcoin transaction they reached the fake servers that led them to the hackers’ GitHub page and showed them a message asking them to download and install an update.

The download was actually malware that unsuspecting users downloaded as a new version of the Electrum wallet. Once the malware was installed, users were prompted to enter the 2FA authentication codes, which attackers hijacked and used to steal bitcoin. Resultantly, they were able to transfer funds into their own wallets.

Researchers claim that hackers utilized a total of 33 fake servers and the attack has stopped now. However, it is suspected that attackers might launch another attack because the Electrum’s developer team hasn’t yet patched the vulnerability and only GitHub has removed the fake repo.

Although Electrum’s team hasn’t yet developed a strategy to thwart similar attacks in the near future the team was able to mitigate the severity of damage to users’ wallets’ balance early on. The team changed the appearance of the message of the hackers from a rich HTML text and removed the link to the fake GitHub repo that was part of the original message.


A developer at Electrum known by the alias SomberNight explains how the team changed the hacker’s message:

“We did not publicly disclose this until now, as around the time of the 3.3.2 release, the attacker stopped… However, they now started the attack again.”

Electrum has modified its software and has also released an update but this isn’t an actual fix because a proper fix would require upgrading of the entire “federated server ecosystem out there” claims SomberNight.

This, however, is not the first time that Electrum has made headlines for all the wrong reasons. In January 2018, researchers reported a critical vulnerability in Electrum wallets that would have allowed hackers to steal users’ funds. The identified vulnerability was suspected to be present for the past two years when Electrum version 2.6 was released.

Related Posts