Here’s How Hackers Stole $22M From Electrum Bitcoin Wallet Users

Share Article
In Brief
  • Hackers are still using a known malware exploit to steal Bitcoin from Electrum wallet users.

  • Cybercriminals are pushing fake updates to Electrum users and stealing their funds in the process.

  • Older wallet versions are especially vulnerable to this attack.

  • promo

    Claim a $200 reward with 3 simple steps — only on Bybit!

The Trust Project is an international consortium of news organizations building standards of transparency.

Hackers continue to use a simple malware exploit to steal Bitcoin (BTC) from unsuspecting Electrum wallet users.



From malware attacks to cryptojacking exploits and attack vectors, malicious entities continue to devise means to steal cryptos. Constant vigilance and regular appraisal of security measures remain the best forms of defense against these cybercriminals.

Stealing Bitcoin via Fake Electrum Wallet Updates

Electrum wallet users are still vulnerable to an attack vector that has seen about $22 million in BTC stolen from victims. According to the tech news platform ZDNet, a technique discovered back in 2018 is still being used by rogue actors.



This particular exploit affects users with older versions of Electrum. The hackers reportedly use fake Electrum servers to push malicious updates to older version wallet owners.

If the intended victim installs the update, a popup appears, asking for a one-time password (OTP). Entering this OTP on the malicious wallet update gives the attacker the approval to drain funds from the user.

Despite being a known attack vector, cybercriminals are still seeing success with this particular exploit. Back in Aug., BeInCrypto reported about a case where a victim lost $16 million in Bitcoin to this same malware.

In May 2019, $4.6 million had also been stolen from Electrum users with over 150,000 infected hosts. This attack vector is possible because Electrum’s open architecture allows anyone to create an Electrum server. On most wallets, the host application itself controls and manages the servers.

Thus, it’s possible for rogue actors to continuously push malware-laden updates to unsuspecting victims. These updates redirect users to download the Electrum wallet from unofficial sources.

The Electrum dev team has, for its part, tried to mitigate the problem by blacklisting servers associated with these malware attacks. They’ve also issued updates that prevent server administrators from sending HTML pop-ups to wallet owners.

However, cybercriminals can create new servers, and the users of old Electrum wallets remain vulnerable to this attack. As always, wallet owners should remain vigilant when running updates to their apps and only interact with official project websites.


All the information contained on our website is published in good faith and for general information purposes only. Any action the reader takes upon the information found on our website is strictly at their own risk.
Share Article

Osato is a reporter at BeInCrypto and Bitcoin believer based in Lagos, Nigeria. When not immersed in the daily happenings in the crypto scene, he can be found watching historical documentaries or trying to beat his Scrabble high score.

Follow Author

$200 reward waiting for you — Deposit, Trade, Follow and Claim today!


Limited offer! Learn to mine and trade crypto today for free