An Electrum wallet user has reportedly lost millions of dollars in bitcoin after installing a dated version of the software.
On Saturday, August 29, in a post on GitHub, a user called ‘1400BitcoinStolen’ described the loss of 1,400 bitcoin due to “foolishly” installing an old version of the cryptocurrency wallet. At the time of writing, the lost amount was equal to around $16.3 million.
The loss occurred after the user in question attempted to access bitcoin that “hadn’t been touched since 2017”. Upon reinstalling the Electrum wallet and trying to transfer one bitcoin, 1400BitcoinStolen found a “pop-up stating I was required to update my security prior to being able to transfer funds. I installed the update, which immediately triggered the transfer of my entire balance to a scammer’s address.”
The alleged transfer of funds to the perpetrator occurred on the same day. Binance CEO Changpeng Zhao was quick to blacklist the address from Binance and issued a reminder warning.
Not your code, not your funds. Beware of this Electrum official update. This guy lost 1400 BTC, and plenty of others lost funds too. https://t.co/5AaMKIXnFK
— CZ Binance (@cz_binance) August 30, 2020
Electrum has been in business since 2011 and has undergone multiple updates, yet it has a history of being unable to stop bad actors from exploiting vulnerabilities. In 2018, the Electrum network suffered another phishing attack in which hackers created multiple fake servers on the network.
In that 2018 attack, 245 bitcoin were lost. The Electrum website explicitly warns users against using older versions of its product.
Some social media responses expressed surprise that this type of theft could happen long after the disclosure of similar attacks. Others took it a step further, citing it as evidence people can’t be trusted with their own money. One user tweeted, “as cool as it sounds to be your own bank when Bitcoin goes mainstream, the majority will still use the old custodians (banks, secure custodial wallets) because of theft and user error risk.”
According to the original GitHub thread, 1400BitcoinStolen was soliciting advice on how to track or retrieve the lost funds. They have reportedly contacted blockchain analytics company Coinfirm and are currently awaiting a response.