Hackers used a clever new tactic to steal over $700k from the users of a popular bitcoin wallet
December 27, 2018, 4:55PM EST
1 min read
Admins of popular Bitcoin wallet, Electrum, are warning users of a phishing attack that tricks its users into downloading a malicious update that steals their password codes. According to ZDNet, these hackers added tens of malicious servers to Electrum' wallet network which, when triggered, prompts users to download a wallet update containing malicious code. Users of this updated version will be asked to enter their 2-factor authentication code, which the hackers will use to access their wallet—emptying their balance. Hackers were able to steal over 200 bitcoins, approximately $730k at the time of this writing.
According to ZDNet, the core issue for Electrum is that it allows "popups with custom text" to trigger in a user's wallet interface. This enables attackers to get direct access to their victim's interface and render authentic-looking server messages like the one below.
According to Electrum's developers, these attacks began on December 21 and while the developers have taken down the hacker's GitHub repository, which contains the malicious code, they have yet to patch the main attack vector. Developers warn that another attack may soon be underway.
Sygnum Bank’s Digital Asset Outlook 2022 report analyses the developments that shaped the crypto industry in 2021, and lays out Sygnum’s strategic outlook for the market and its key sectors and trends for the year ahead.