
Electrum, the Bitcoin wallet, is still affected by the popular crypto phishing attack

September 7, 2020

Two Electrum software wallet users recently reported the loss of large amounts of Bitcoin (BTC). One of the victims reported that 1,400 BTC were missing, which amounted to a total of $14,595,000 at press time, while another claimed that 36.5 BTC, valued at $380,512, had been stolen. The incidents appear to be related to a longstanding phishing scam that has affected Electrum users since 2018.

“Users should be careful when handling their own keys, especially when storing the keys of a wallet with a large amount of cryptocurrency, as this makes them attractive to hackers,” Jason Lau, COO of cryptocurrency exchange OKCoin, told Cointelegraph in response to the 1,400 BTC hack, adding:

“In this incident, apparently due to a phishing attack, the user installed an update that allowed the hacker to access the private keys and funds. Phishing scams are widespread and evolving in all types of financial applications.”

Look into the past

News of a phishing scam affecting the Electrum wallet first hit the headlines on December 27, 2018, with nearly a million dollars reported stolen. “The hacker installed a lot of malicious servers,” said a Reddit user describing the hack.


Essentially, the hacker used the servers to direct users to a malicious website and asked them to enter private information, which in turn allowed the person behind the scheme to take control of their assets. The scam also included a fake wallet update that was used to download malware onto victims’ devices, as described in another Reddit post.

At the time of the Cointelegraph report in December 2018, the wallet address associated with the scam contained 243 BTC. A look at the address today shows that 637.44 BTC passed through the now empty wallet.

In the months after the Electrum phishing scam became public, the wallet’s troubles continued, including a denial-of-service attack that looked very similar to the 2018 phishing scam mentioned above and even misled victims with fake software updates.

Cracking the $14.6 million Bitcoin heist

In the past few weeks, two other Electrum wallet users have reported Bitcoin being stolen from their wallets. One of them reportedly suffered a loss of 1,400 BTC. “I had 1,400 BTC in a wallet that I hadn’t accessed since 2017,” the victim said in a post on GitHub on August 30, 2020, adding:

“I foolishly installed the old version of the Electrum wallet. My coins were sprawling. I tried to transfer about 1 BTC but couldn’t. A popup indicated that I needed to update my security before I could transfer money. I installed the update that immediately triggered the transfer of all my credit to a fraudulent address.”

Blockchain tracking by Cointelegraph staff revealed a likely link between the 1,400 BTC thieves and a Binance exchange account, based on a specific transaction ID. However, the identified transaction involved more than 75 different wallet addresses, a Binance representative told Cointelegraph.

The representative also noted the difficulties and gray areas involved in tracking and linking transactions to criminal offenses, given the nature of cryptocurrency and the many parties involved in transactions on a daily basis. “The streams entering a malicious cluster should not be presumed to come from any person / group associated with the company, especially if it is a cluster that is being used to raise funds directly from the victims,” added the representative.

Regarding Cointelegraph’s first report of the 1,400 BTC stolen, the spokesman said: “The account at the heart of this article has been verified and no suspicious indicators have been found.” Previous Cointelegraph reports also traced some of the stolen bitcoins back to Russia, although the potential use of a VPN meant no definitive conclusions could be drawn.

“Binance’s address is on the scammer’s file, probably just another victim,” Electrum’s Twitter account posted on September 1 in response to the Cointelegraph reports. The tweet also linked the attack to the 2018 phishing scam, adding, “There is no need to involve Russian hackers.”

“The peer-to-peer detection system introduced by Electrum is a design choice to keep the system decentralized. In this case, however, it played an important role in allowing the hacker to send a false ‘Update your software’ message,” said Lau about the 1,400 BTC hack, adding: “Users should always verify the authenticity of wallet client software and particularly carefully check the source of all updates.”
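The attack described above depends on a wallet client showing text chosen by an untrusted server. The following Python sketch is an added example, not code from Electrum or from the article: it reduces a server-supplied message to plain text and withholds it when it carries a link or update wording. The function names, keyword list, length limit and sample messages are all assumptions constructed for illustration.

```python
import html
import re

# Assumed policy for this sketch (not Electrum's own values or word lists).
MAX_LEN = 200
TAG_RE = re.compile(r"<[^>]*>")
URL_RE = re.compile(r"(?i)(?:https?://|www\.)\S+|\b[a-z0-9-]+\.(?:com|org|net|io)\b")
LURE_RE = re.compile(r"(?i)\b(?:update|upgrade|download|install|new version)\b")

# Constructed sample messages, not captured traffic.
SAMPLES = [
    "<b>Security update required.</b> Download the new version at "
    "<a href='https://wallet-update.example/'>this link</a>",
    "min relay fee not met",
]


def assess_server_message(raw):
    """Return (plain_text, reasons) for text supplied by a remote server."""
    decoded = html.unescape(raw)          # expose entity-encoded markup
    reasons = []
    if TAG_RE.search(decoded):
        reasons.append("markup")
    if URL_RE.search(decoded):            # checked before tags are stripped,
        reasons.append("link")            # so href targets are seen too
    text = TAG_RE.sub(" ", decoded)
    text = "".join(ch if ch.isprintable() else " " for ch in text)
    text = " ".join(text.split())         # collapse whitespace
    if LURE_RE.search(text):
        reasons.append("update-lure")
    if len(text) > MAX_LEN:
        reasons.append("overlong")
        text = text[:MAX_LEN] + "..."
    return text, reasons


def display_text(raw):
    """Text a client could show in a plain-text (never rich-text) dialog."""
    text, reasons = assess_server_message(raw)
    if "link" in reasons or "update-lure" in reasons:
        return "Server-supplied text withheld (" + ", ".join(reasons) + ")"
    return "Server message (unverified): " + text


if __name__ == "__main__":
    for sample in SAMPLES:
        print(display_text(sample))
```

A filter like this only limits what a server can put in front of the user; the source of any real update still has to be checked independently of anything a server message says.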

Uncovering another theft of 36.5 BTC

Shortly after the 1,400 BTC theft was published, another GitHub user responded to the thread with a similar case from two months earlier, in which a malicious actor allegedly removed 36.5 BTC from the user’s wallet. Known as Cryptbtcaly on GitHub, the victim tracked the stolen funds to five different addresses after the theft. “Some of the stolen bitcoin went to Binance, but they ignore my requests and don’t come back,” Cryptbtcaly said on GitHub.

A controversial point with the recent Electrum hacks was that the victims kept large amounts of money in a software wallet. A guide from the online education source BitDegree noted that software wallets carry the risk of malware and keylogging attacks: “They’re not as secure as hardware wallets, but they’re more convenient to use. This makes them perfect for everyday expenses, but they’re not ideal for keeping large sums of money over a long period of time.”

Common industry best practices often point users to hardware wallets like Ledger or Trezor. However, both companies have also faced several challenges recently. Hardware wallets are still the preferred method for crypto storage.
