The first reports of problems among users of Electrum cryptocurrency wallets appeared back in December 2018, when criminals attacked the project's infrastructure and stole about a million dollars in cryptocurrency. It has now turned out that more than $22 million in cryptocurrency has been stolen from Electrum wallets.

In 2018, the Electrum developers called the incident a phishing attack, and in essence they were right: it really was phishing, although in an unusual form.
To process transactions, Electrum wallets connect to the Bitcoin blockchain through a network of Electrum servers known as ElectrumX. As a rule, wallet applications control who is allowed to run such servers, but the Electrum ecosystem works differently: anyone can stand up an ElectrumX gateway server.
This openness is the very feature of the project that attackers abuse: they deploy malicious nodes and push fake messages to connected users saying that the wallet urgently needs to be updated. The download link in such an "update" notice usually does not lead to the official Electrum website (electrum.org), but to a lookalike domain or directly to a GitHub repository.
If the victim does not look closely at the URL, they install a malicious build of Electrum on their machine, and the next time they open the wallet the malware asks them for a one-time password, which is what the attackers need to empty the wallet.
Unfortunately, by mid-2019 the situation had only got worse, even though the developers released patches and tried to fight the attacks by exploiting an undisclosed denial-of-service vulnerability in old Electrum clients, so that outdated clients could no longer connect to the attackers' nodes and were forced to update.
The developers also added a server blacklist and stopped servers from displaying HTML pop-ups to end users. Alas, none of this helped much: by April 2019 scammers had stolen about $4.6 million, and the Electrum infrastructure was under attack from a botnet that at its peak exceeded 152,000 hosts.
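The two defensive ideas in this story, refusing to render server-supplied HTML and treating any "update" link that does not point at electrum.org as suspect, can be expressed as a small client-side check. The following is an added example written for this article, not code from the Electrum project or from the attackers' toolkit. It assumes that electrum.org and its subdomains are the only legitimate download origin, and it runs over a constructed banner modelled on the fake update notices described above.

```python
import html
import re
from urllib.parse import urlparse

# Assumption for this example: the only legitimate download origin is electrum.org
# (and its subdomains). The Electrum project itself does not ship this checker.
OFFICIAL_DOMAIN = "electrum.org"
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)
TAG_RE = re.compile(r"<[^>]+>")


def strip_html(message: str) -> str:
    """Reduce a server-supplied banner to plain text: drop tags, unescape
    entities, collapse whitespace. This is the 'no HTML pop-ups' rule
    applied on the client side."""
    text = TAG_RE.sub(" ", message)
    return " ".join(html.unescape(text).split())


def levenshtein(a: str, b: str) -> int:
    """Edit distance, used to catch typosquats such as electrun.org."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_url(url: str) -> str:
    """Return official | lookalike | unofficial | invalid, judged on the real
    host part of the URL (userinfo tricks like electrum.org@evil.com are
    resolved by urlparse to the actual host, evil.com)."""
    host = (urlparse(url).hostname or "").lower().rstrip(".")
    if not host:
        return "invalid"
    if host == OFFICIAL_DOMAIN or host.endswith("." + OFFICIAL_DOMAIN):
        return "official"
    # electrum.org.example.com, electrum-wallet.org and electrun.org all look
    # official to a hurried eye; flag them separately from plain third parties.
    if "electrum" in host or levenshtein(host, OFFICIAL_DOMAIN) <= 2:
        return "lookalike"
    return "unofficial"


def analyze_banner(message: str) -> dict:
    """Extract every URL from the raw banner, href targets included, so a link
    whose visible text says electrum.org but whose target does not is still
    caught, and decide whether the banner may be shown as an update notice."""
    urls = list(dict.fromkeys(URL_RE.findall(message)))  # dedupe, keep order
    verdicts = {u: classify_url(u) for u in urls}
    suspicious = any(v != "official" for v in verdicts.values())
    return {"text": strip_html(message), "urls": verdicts, "suspicious": suspicious}


# Constructed sample modelled on the fake update notices described in the
# article; it is not a real capture. Note the link text and href disagree.
SAMPLE_BANNER = (
    "<b>Update required!</b> Your wallet is out of date. Download the new version at "
    '<a href="https://electrum-wallet.org/update">https://electrum.org</a> '
    "or https://github.com/example/electrum-update/releases"
)

if __name__ == "__main__":
    report = analyze_banner(SAMPLE_BANNER)
    print(report["text"])
    for url, verdict in report["urls"].items():
        print(f"  {verdict:10s} {url}")
    print("suspicious:", report["suspicious"])
```

The point of scanning the raw banner rather than the stripped text is that an HTML link can show `https://electrum.org` while its `href` goes elsewhere; scanning only the rendered text would miss exactly the trick the fake notices rely on.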
Now ZDNet reports that attackers have kept using this scheme over the years, and some incidents are quite recent, for example from September 2020.
According to the journalists, the wallets of the fraudsters running these attacks currently hold about 1,980 BTC, roughly $22 million. Adding the 202 BTC stolen back in December 2018 brings the total stolen to more than $24.6 million.
Notably, most of these funds appear to have been stolen in a single incident: in August 2020 a user reported the theft of 1,400 bitcoins (about $15,800,000) after installing what they believed was an Electrum wallet update.
Even so, this is not the largest attack on cryptocurrency holders. Recall that cybercriminals stole $32 million from the Bitpoint cryptocurrency exchange, and the attackers who hacked the Upbit exchange stole even more: $48.5 million.
We have also reported on an attack on the official Monero website, which was hacked and used to distribute malware.