Fake Electrum Wallet ‘Update’ Phishing Attack
The news of the attack first appeared on GitHub via one of Electrum’s developers, known by the handle SomberNight. Starting on Friday (Dec. 21, 2018), hackers began tricking Electrum wallet users into downloading an “update” that actually came from a malicious source.
The hackers added a number of malicious servers to the Electrum network. Once a user initiates a BTC transaction that reaches one of these servers, an error message pops up. This error message tries to trick the user into downloading a fake Electrum wallet app.
If the user falls victim and downloads the malicious wallet, a message asking for two-factor authentication (2FA) shows up. This is unusual, given that 2FA only comes into play when transferring BTC, not when starting up the wallet. Once the user hands over their 2FA code, the hackers can siphon all the Bitcoin out of the wallet.
As of press time, the hackers appear to have consolidated their loot into one BTC address, which holds about 245 BTC (over $890,000).
Similar Attacks Will Likely Continue
CasaHodl CTO Jameson Lopp, a veteran software developer, explained that users who connect to their own Electrum server were unaffected by the hack.
“A sybil + malware attack is ongoing against Electrum Wallet users,” he cautioned on Twitter.
If you see a message asking you to upgrade, don’t click on it! Users who only connect to their own personal Electrum server are unaffected.
Several comments on Reddit also back up Lopp’s statements, saying that those running full nodes have no reason to worry.
Update ONLY From the Official Electrum Website
Meanwhile, the Electrum Devs are urging users not to download any update from a source other than the official website. Responding to the attacks, the project team released a new version of the wallet app that prevents the rendering of rich HTML text.
Commenting on this effort, SomberNight said:
We did not publicly disclose this until now, as around the time of the 3.3.2 release, the attacker stopped; however, they now started the attack again.
A more permanent solution would be to eliminate the ability to send customized error messages. This would prevent hackers from sending errors that the wallet turns into a message advising the user to take a specific action.
Without such steps, the hackers can continue the phishing attack: with a new download link they can carry on, given that the project team says there are about 50 malicious servers.
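To make the two mitigations above concrete, here is an added example (not Electrum’s own code) of how a wallet client can handle server-supplied errors: the legacy free-text path escapes the text so a rich-text widget never renders links or markup and flags anything that carries them, while the allowlist path lets the server send only an error code and keeps the wording under the client’s control. The error codes and the sample rogue message are constructed for the example.

```python
import html
import re
from dataclasses import dataclass

# Client-owned wording for the error classes a server may signal. The server
# chooses the class; the wording (and any call to action) never comes from it.
# These codes are constructed for this example, not Electrum's real protocol.
CLIENT_MESSAGES = {
    "tx-rejected": "The server rejected this transaction.",
    "fee-too-low": "The fee is below the server's relay policy.",
    "server-busy": "The server is busy. Try again or choose another server.",
}
FALLBACK = "The server returned an error it could not explain."

TAG_RE = re.compile(r"</?[a-zA-Z][^>]*>")
LINK_RE = re.compile(r"(?:https?://|www\.)\S+", re.IGNORECASE)


@dataclass
class Rendered:
    text: str          # what the UI may show, safe to display as plain text
    suspicious: bool   # markup or a link arrived where only text is expected


def render_free_text(message: str) -> Rendered:
    """Legacy path: the server sends free-form text. Escape it so a rich-text
    widget shows tags literally instead of rendering links or formatting, and
    flag messages that try to carry markup or a URL."""
    suspicious = bool(TAG_RE.search(message) or LINK_RE.search(message))
    return Rendered(text=html.escape(message, quote=True), suspicious=suspicious)


def render_by_code(code: str) -> Rendered:
    """Allowlist path: the server sends only a code; the client picks the words.
    Unknown codes fall back to neutral wording and are flagged."""
    known = code in CLIENT_MESSAGES
    return Rendered(text=CLIENT_MESSAGES.get(code, FALLBACK), suspicious=not known)


# Constructed sample of the kind of free-form error a rogue server could return.
SAMPLE_ROGUE = ('<b>Update required.</b> Get it at '
                '<a href="https://rogue-server.example/update">this link</a>')

if __name__ == "__main__":
    r = render_free_text(SAMPLE_ROGUE)
    print("suspicious:", r.suspicious)
    print("displayed :", r.text)
    print("by code   :", render_by_code("fee-too-low").text)
```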
Phishing attacks are one of the many means used by cybercriminals to steal cryptocurrency.
Do you think the Electrum Devs will be able to find a lasting solution to this new phishing hack? Please share your thoughts with us in the comments below.