Popular Bitcoin wallet Electrum and Bitcoin Cash wallet Electron Cash are subject to an ongoing phishing attack. Beware of any strange behavior and non-official URLs!
Just days before Christmas, Electrum Bitcoin Wallet announced its latest update. Codenamed Hodler’s Edition, this was supposed to be the last update before the Proof of Keys celebration. On Jan 3, 2019 — 10 years after the official launch of the Bitcoin network — users who truly believe in Satoshi Nakamoto’s vision are encouraged to withdraw their bitcoins to wallets they control. This way, they show the world they have real control over their wealth.
Indeed, a reason to celebrate for most of us, yet, at the same time, it is also the kind of event that attracts unwanted attention from malicious actors.
Pay Particular Attention To Any ‘Update Required’ Message
These malicious actors are already on the job and are currently targeting Electrum Bitcoin Wallet.
Fortunately, it’s not a hack, per se. According to the developers on GitHub, there is an ongoing phishing attack. The users are encouraged to update their current wallet version by actually downloading a malware version.
Essentially, the hackers spammed the Electrum network with their own version of servers/nodes. If a wallet user connects to any malicious server (if the user tries to send some bitcoins, for example, and broadcasts the transaction), a ‘Security update required’ message appears. The message box has a URL that is not the official GitHub page. Furthermore, if the user clicks on the link, it won’t open. The user has to manually copy and paste to access the link and download the compromised version. Once downloaded and installed, the malware steals any BTC funds the user may have in the Electrum wallet.
Since Electron Cash is a ‘fork’ of Electrum, only destined for Bitcoin Cash (the source code between the two is very similar), the same attack is happening on the BCH network, according to some users.
— dexx ⚡️ (@dexx7y) December 27, 2018
Electrum Wallet Releases Small Update (But Not A True Fix)
Electrum developers moved quickly and released a small update in their attempt to make the phishing attack more obvious for the non-technical user.
The update changes the way the error appears. In other words, instead of a rich-text-based organized message, the user receives a non-formatted error that looks more like unreadable code.
The update is not a fix!
The developers admitted they didn’t publicly ‘disclose’ the problem until now because the attack was short and stopped when the latest 3.3.2 version was released. However, the attack resumed. Now, the users should see the message is actually an error and not a real security update warning.
200 BTC Stolen So Far — And Counting?!
AccordinReddit reddit user, the attacker’s Bitcoin address is this:
Thus far, the phisher has stolen over 200 BTC, worth around $760,000 at the time of the attack. Data revolving the BCH stolen hasn’t been revealed yet.
The attack is still ongoing, even though the phisher will now have a harder time in convincing an Electrum user the message is actually legitimate.
To avoid losing your BTC or BCH, always compare the URLs from any Electrum/Electron Cash message box to the ones found on the wallets’ official sites. Also, be sure to access the wallets’ official sites and check for updates there, before taking any update message seriously.
What do you think of this latest phishing attack? Let us know your thoughts in the comments below!
Images courtesy of GitHub, Twitter, Blockchain, Reddit.