Hackers stole over $22M (1,980 BTC) from Electrum Bitcoin wallet users through fake update prompts. Users lost their funds after installing the supposed update, and the coins landed in the attackers' Bitcoin addresses.
Since December 2018, the "fake Electrum update scam" has used around ten Bitcoin addresses to collect stolen funds. On August 30, a GitHub user posted about losing 1,400 BTC ($16 million) after updating an Electrum wallet.
In another incident, the gang withdrew 5 BTC through a Binance account. Binance traced the corresponding transaction to over 75 different addresses.
Binance CEO Changpeng Zhao later tweeted that Binance had blacklisted the addresses involved.
Not your code, not your funds. Beware of this Electrum official update. This guy lost 1400 BTC, and plenty of others lost funds too. https://t.co/5AaMKIXnFK
— CZ Binance (@cz_binance) August 30, 2020
The theft was possible because of how the Electrum client and its backend infrastructure work. Electrum does not download the blockchain itself; it connects to a network of Electrum servers (the reference server implementation is ElectrumX) that index the chain and relay transactions on the client's behalf.
Unlike wallets whose vendor controls which servers clients talk to, Electrum's ecosystem is open: anyone can run an ElectrumX gateway server and clients will connect to it. The attackers exploited this by running their own servers and having them return messages that the client displayed to the user as a popup, telling the user to visit a URL and install an Electrum wallet update. Because the text came from a server run by an untrusted third party, the "update notice" was in practice attacker-controlled content shown inside the wallet's own interface.
After stealing the funds, the criminals moved them around and split them across smaller wallets. Electrum users should therefore remain cautious.
A user who does not check the URL ends up installing a malicious build of Electrum, because the link in the popup does not lead to the official Electrum website. Two checks worth applying: treat any update instruction that arrives through a server message as suspect, since the servers are not operated by the wallet developers, and verify a downloaded release's signature against the developers' key instead of trusting a link.
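The mechanism above (a server returning text that the client renders as a popup) and the URL check a user is expected to perform can both be shown in code. The following Python is an added example written for this article; it is not Electrum's code. It constructs a JSON-RPC error reply of the kind a hostile server could send, contrasts the vulnerable pattern (rendering the text as-is) with a hardened rendering that strips markup and links, and adds link checks that flag off-allowlist targets and anchors whose visible URL differs from their target. The allowlist of official hosts, the sample replies and the lure keywords are assumptions made for the example.

```python
import json
import re
from html import escape
from urllib.parse import urlparse

# Hosts a genuine Electrum download may come from. This allowlist is an assumption
# made for the example (the article names no domain); a real client ships its own.
OFFICIAL_HOSTS = {"electrum.org", "www.electrum.org", "download.electrum.org"}

# Constructed JSON-RPC error reply, in the shape a hostile Electrum server could return
# when the client tries to broadcast a transaction. It is not a captured message from
# the campaign described in the article.
MALICIOUS_REPLY = json.dumps({
    "jsonrpc": "2.0",
    "id": 7,
    "error": {
        "code": 1,
        "message": (
            "Your version of Electrum is outdated and can no longer broadcast "
            "transactions. Please update at "
            '<a href="https://electrum-update.example/electrum-4.0.3.exe">'
            "https://electrum.org/download</a>"
        ),
    },
})

# Constructed benign reply for comparison: an ordinary broadcast failure.
BENIGN_REPLY = json.dumps({
    "jsonrpc": "2.0",
    "id": 8,
    "error": {"code": 1, "message": "Transaction rejected by network rules: insufficient fee"},
})

TAG_RE = re.compile(r"<[^>]*>")
ANCHOR_RE = re.compile(r'<a\s+[^>]*href="([^"]*)"[^>]*>(.*?)</a>', re.I | re.S)
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)
LURE_WORDS = ("update", "upgrade", "new version", "outdated")  # assumed keyword list


def server_error_message(reply_json):
    """Pull the error text out of a JSON-RPC reply; empty string when there is none."""
    err = json.loads(reply_json).get("error") or {}
    return str(err.get("message", ""))


def render_unsafe(reply_json):
    """Vulnerable pattern: server text is handed to a rich-text popup with markup and
    links intact, so whatever the server operator wrote becomes a clickable instruction."""
    return server_error_message(reply_json)


def render_hardened(reply_json, max_len=200):
    """Treat server text as untrusted: drop markup and URLs, cap the length, escape the
    rest and label the origin, so nothing in it can pass as an instruction from the wallet."""
    msg = server_error_message(reply_json)
    msg = TAG_RE.sub("", msg)                  # no HTML reaches the widget
    msg = URL_RE.sub("[link removed]", msg)    # no clickable or copyable links
    msg = escape(msg[:max_len], quote=True)    # bounded size, plain text only
    return "Untrusted message from server (do not follow instructions in it): " + msg


def is_official_url(url):
    """True only for an https URL whose host is on the allowlist (exact match, no lookalikes)."""
    parts = urlparse(url)
    return parts.scheme == "https" and parts.hostname in OFFICIAL_HOSTS


def suspicious_links(message):
    """Return (target, visible_text, reason) for every link in a server message that should
    not be trusted: off-allowlist targets, and anchors whose shown URL differs from the target."""
    findings = []
    for href, label in ANCHOR_RE.findall(message):
        shown = TAG_RE.sub("", label).strip()
        reasons = []
        if not is_official_url(href):
            reasons.append("target host is not an official Electrum host")
        shown_url = URL_RE.search(shown)
        if shown_url and urlparse(shown_url.group(0)).hostname != urlparse(href).hostname:
            reasons.append("visible URL does not match the link target")
        if reasons:
            findings.append((href, shown, "; ".join(reasons)))
    # Bare URLs outside any anchor are checked against the allowlist as well.
    for url in URL_RE.findall(ANCHOR_RE.sub("", message)):
        if not is_official_url(url):
            findings.append((url, url, "bare URL to a non-official host"))
    return findings


def looks_like_update_lure(reply_json):
    """Flag a server error that both talks about updating and carries an untrusted link."""
    msg = server_error_message(reply_json)
    text = TAG_RE.sub(" ", msg).lower()
    return any(w in text for w in LURE_WORDS) and bool(suspicious_links(msg))


if __name__ == "__main__":
    print(render_unsafe(MALICIOUS_REPLY))
    print(render_hardened(MALICIOUS_REPLY))
    for target, shown, why in suspicious_links(server_error_message(MALICIOUS_REPLY)):
        print(f"suspicious link: shown={shown!r} target={target!r} ({why})")
    print("update lure:", looks_like_update_lure(MALICIOUS_REPLY), looks_like_update_lure(BENIGN_REPLY))
```

The hardened renderer is deliberately blunt: once a message comes from an arbitrary ElectrumX operator, the safe assumption is that every byte of it is hostile, so the client shows it as labelled plain text and nothing more. The link checks matter for the case the article describes, where the visible text looks like the official site but the actual target does not; an exact host match against a pinned allowlist catches both lookalike domains and mismatched anchors, and the same approach applies to any wallet that surfaces server-supplied text to its users.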