Here’s How Hackers Stole $22M From Electrum Bitcoin Wallet Users

Updated by Ryan Smith

In Brief

  • Hackers are still using a known malware exploit to steal Bitcoin from Electrum wallet users.
  • Cybercriminals are pushing fake updates to Electrum users and stealing their funds in the process.
  • Older wallet versions are especially vulnerable to this attack.

Hackers continue to use a simple malware exploit to steal Bitcoin (BTC) from unsuspecting Electrum wallet users.
From malware attacks to cryptojacking exploits and other attack vectors, malicious entities continue to devise ways to steal cryptocurrency. Constant vigilance and regular appraisal of security measures remain the best forms of defense against these cybercriminals.

Stealing Bitcoin via Fake Electrum Wallet Updates

Electrum wallet users are still vulnerable to an attack vector that has seen about $22 million in BTC stolen from victims. According to the tech news platform ZDNet, a technique discovered back in 2018 is still being used by rogue actors. This particular exploit affects users with older versions of Electrum.

The hackers reportedly use fake Electrum servers to push malicious updates to owners of older wallet versions. If the intended victim installs the update, a popup appears, asking for a one-time password (OTP). Entering this OTP in the malicious wallet update gives the attacker the approval to drain funds from the user.

Despite being a known attack vector, cybercriminals are still seeing success with this particular exploit. Back in Aug., BeInCrypto reported on a case where a victim lost $16 million in Bitcoin to this same malware. In May 2019, $4.6 million had also been stolen from Electrum users with over 150,000 infected hosts.

This attack vector is possible because Electrum’s open architecture allows anyone to create an Electrum server. On most wallets, the host application itself controls and manages the servers. Thus, it’s possible for rogue actors to continuously push malware-laden updates to unsuspecting victims. These updates redirect users to download the Electrum wallet from unofficial sources.

The Electrum dev team has, for its part, tried to mitigate the problem by blacklisting servers associated with these malware attacks. They’ve also issued updates that prevent server administrators from sending HTML pop-ups to wallet owners. However, cybercriminals can create new servers, and the users of old Electrum wallets remain vulnerable to this attack.

As always, wallet owners should remain vigilant when running updates to their apps and only interact with official project websites.



Osato Avan-Nomayo
Osato is a reporter at BeInCrypto and Bitcoin believer based in Lagos, Nigeria. When not immersed in the daily happenings in the crypto scene, he can be found watching historical...