Hackers used a clever new tactic to steal over $700k from the users of a popular bitcoin wallet

Admins of the popular Bitcoin wallet Electrum are warning users of a phishing attack that tricks them into downloading a malicious update that steals their password codes. According to ZDNet, the hackers added tens of malicious servers to Electrum's wallet network which, when triggered, prompt users to download a wallet update containing malicious code. Users of this updated version are asked to enter their 2-factor authentication code, which the hackers use to access their wallet, emptying their balance. The hackers were able to steal over 200 bitcoins, approximately $730k at the time of this writing.

According to ZDNet, the core issue for Electrum is that it allows "popups with custom text" to trigger in a user's wallet interface. This enables attackers to get direct access to their victim's interface and render authentic-looking server messages like the one below.

According to Electrum's developers, these attacks began on December 21. While the developers have taken down the hacker's GitHub repository, which contained the malicious code, they have yet to patch the main attack vector. Developers warn that another attack may soon be underway.

About Author

Steven Zheng is a researcher for The Block. He joined The Block in August 2018. Steven graduated from St. John’s University with a degree in economics. Previously, he covered blockchain and crypto at Radicle, a startup analytics firm. He also had brief stints at Cheddar, a media startup, and Bowery Capital, a venture capital firm. He owns bitcoin. Follow Steven on Twitter at: @Dogetoshi
