Bitcoin News

1,980 BTC ($22M) Hacked From Electrum Bitcoin Wallet Users

  • Cybercriminals hacked more than $22M (1.980 BTC) from Electrum Bitcoin wallet users.
  • Hackers used Binance accounts for some of the transactions.
  • They used the loopholes in ElectrumX to steal the funds.

Hackers over $22M (1.980 BTC) from Electrum Bitcoin wallet users through a technique of fake update requests. Users lost their funds after updating their wallets. As a result, the attacker’s Bitcoin account received the crypto assets.

Since December 2018, the “fake Electrum update scam” utilized around ten Bitcoin accounts. On August 30, a Github user made a post about losing 1,400 Bitcoin ($16 million) after updating an Electrum wallet.

In another incident, the cybercrime gang conducted a 5 BTC withdrawal via a Binance account. However, Binance associated the corresponding transaction number to over 75 different addresses.

Binance CEO Changpeng Zhao later tweeted that Binance has blacklisted the addresses involved.

Attacks have been carried out over the course of 2019 and 2020. On a few occasions, the Bitcoin node responsible for processing these transactions trace back to St. Petersburg, Russia.

Reports from Electrum wallet users (Source: ZDNet Investigations)
Reports from Electrum wallet users (Source: ZDNet Investigations)

The hackers were able to steal the funds due to the inner functions of the Electrum wallet app and its backend infrastructure. Electrum wallets are designed to connect to the Bitcoin blockchain. This is done through a network of Electrum servers — known as ElectrumX.

Unlike some wallet applications that control who can manage servers, everyone can set up an ElectrumX gateway server in Electrum’s open ecosystem. This loophole enabled the hackers to instruct the server to show a popup on the user’s screen telling users to access a URL and install an Electrum wallet app update.

Source: Peter Kacherginsky
Source: Peter Kacherginsky

After stealing the funds, criminals would then move them around and diversify them into smaller wallets. On the other hand, Electrum wallet app users should remain cautious.

If users don’t pay attention to the URL, they eventually end up installing a malicious version of the Electrum wallet.

The fake link is not from the official Electrum website.

CoinQuora Staff

CoinQuora is an online publication that aims to educate about news, exchanges, and markets in the cryptocurrency and blockchain industry

Related Articles

Back to top button