Bitcoin Wallet Malware Scam Targets Electrum

An attack on the Electrum bitcoin wallet has so far netted hackers over 200 bitcoin worth around $750,000. The attack began on December 21, 2018. Though it has victimized some unsuspecting users, it can be avoided.

Electrum is a Bitcoin wallet which doesn’t require the user to download the full blockchain. Instead, servers remotely provide users with the blockchain and they access it through their wallet. It is one of the most popular Bitcoin wallet implementations and forks of it for both versions of Bitcoin Cash as well as Litecoin, Dogecoin, and Dash have been created over the years.

Malicious servers were added to the Electrum wallet network. When users attempted a bitcoin transaction that reached one of these illegitimate servers, they received a message within the wallet application instructing them to download and install an update. The message led unsuspecting users to the hacker’s GitHub page.

The resulting download was actually malware disguised as a new version of the Electrum wallet. The installed malware then prompted users to enter their two-factor authentication codes. This allowed the attackers to then use the authentication codes and steal bitcoin by transferring funds to their own bitcoin address.

An Electrum developer posted details of the hack in the last 24 hours on GitHub, sharing the following screenshot of the hackers’ first false message and link, which they had managed to inject into the Electrum user interface:

[Image: Malicious Electrum pop-up. Source: Electrum GitHub]

Electrum has since modified its software and released an update but, said SomberNight:

This is not a true fix, but the more proper fix of using error codes would entail upgrading the whole federated server ecosystem out there…

The Electrum GitHub repository detailing this issue also confirms that:

We did not publicly disclose this until now, as around the time of the 3.3.2 release, the attacker stopped; however they now started the attack again.

The latest malicious popup and link looked like this:

[Image: Latest malicious Electrum pop-up. Source: Electrum GitHub]

Reporting by ZDNet indicates GitHub admins have now removed the repository with the malicious wallet version.

That said, Electrum Wallet users should remain vigilant as the hackers have persevered and adjusted their efforts over the last week, so new attacks are likely.
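The weakness behind this attack, as the linked issue puts it, was that error text from a server was displayed as is in the client GUI. The following is an added example, not Electrum's code: a sketch of the "error codes" idea in which the client shows only its own text and flags messages that look like lures. The function name, patterns and sample strings are assumptions made for illustration.

```python
import re

# Client-authored texts keyed by allowlisted patterns. The patterns are
# assumed examples of node reject reasons, not a complete or official list.
KNOWN_REJECTIONS = [
    (re.compile(r"\bdust\b", re.I),
     "Transaction rejected: an output is below the dust limit."),
    (re.compile(r"min relay fee not met|insufficient fee", re.I),
     "Transaction rejected: the fee is too low."),
    (re.compile(r"txn-mempool-conflict|missingorspent", re.I),
     "Transaction rejected: an input is already spent."),
]
GENERIC = "The server rejected the transaction. (Server message withheld.)"
MAX_LEN = 200  # assumption: genuine reject reasons are short
# Links, markup and install/update wording have no place in a broadcast error.
LURE = re.compile(
    r"https?://|www\.|<[^>]+>|\b(update|upgrade|download|install)\b", re.I)


def handle_broadcast_error(server_msg):
    """Return (text_for_gui, flagged). The GUI text is always client-authored;
    the server's own string is never returned for display."""
    if not isinstance(server_msg, str) or len(server_msg) > MAX_LEN:
        return GENERIC, True
    if LURE.search(server_msg):
        return GENERIC, True
    for pattern, client_text in KNOWN_REJECTIONS:
        if pattern.search(server_msg):
            return client_text, False
    return GENERIC, False


# Constructed sample inputs (not captured from the real attack).
SAMPLES = [
    "64: dust",
    "<b>Please update</b>: download the new version at https://example.invalid/w",
    "unexpected internal error",
]

if __name__ == "__main__":
    for msg in SAMPLES:
        text, flagged = handle_broadcast_error(msg)
        # repr() keeps the untrusted string inert in logs.
        print(f"flagged={flagged} shown={text!r} raw={msg!r}")
```

A flagged result is a reason to log the server and disconnect from it, since an honest server has no reason to send links or update instructions in a broadcast error.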

Electrum has warned its users to only download software from electrum.org and not GitHub, tweeting:

Electrum (@ElectrumWallet), 5:57 PM – Dec 27, 2018:
There is an ongoing phishing attack against Electrum users. Our official website is https://electrum.org Do not download Electrum from any other source. More on the attack here: https://github.com/spesmilo/electrum/issues/4968 …

when broadcasting transaction, error message from server is displayed as is · Issue #4968 ·…
TL;DR: There is an ongoing attack against users where servers raise exceptions when a client broadcasts a transaction; in this case the error text is displayed as is in the client GUI. The attacker…

Another red flag for users who unwittingly download the malware should be the request for two-factor authentication when starting the malware-affected new wallet version. Two-factor authentication is normally only requested when making a transaction.

It’s not just Electrum wallet users who need to be vigilant: malware attacks on cryptocurrency users are increasing. Non-cryptocurrency users are at risk too. A McAfee report in the past few days also says that crypto mining malware incidents have risen 4,000% in 2018 alone.

There is a saying in the crypto world: if you don’t hold your private key, someone else does.
This has certainly been the case with cryptocurrency exchanges, where millions in user funds have been stolen in recent months. And even wallets where users control their own keys have been hacked, again with millions in crypto being stolen.
Instead of generating and storing a private key, the DigitalBank Vault Device uses a different system. Any kind of “keys” never leave the device (so they can’t be intercepted). The private key is never actually stored on the device in the first place; it is cut into 3 pieces encrypted within your own biometric data.
This means that each transaction is trustlessly verified without exposing any sensitive information about the users involved.
The result is a near to unhackable device and that is a huge step up in crypto security.
DigitalBank is bringing back the glory of private and secured banking to the public.
As cyber security experts say: nothing is unhackable. We totally agree, but the DigitalBank Device comes so close and makes accessing user data almost impossible.
There is little chance of outside attack, since the user never has to download or install anything at all to use the DigitalBank Vault Device.