Admins of popular Bitcoin wallet, Electrum, are warning users of a phishing attack that tricks its users into downloading a malicious update that steals their password codes. According to ZDNet, these hackers added tens of malicious servers to Electrum' wallet network which, when triggered, prompts users to download a wallet update containing malicious code. Users of this updated version will be asked to enter their 2-factor authentication code, which the hackers will use to access their wallet—emptying their balance. Hackers were able to steal over 200 bitcoins, approximately $730k at the time of this writing.
According to ZDNet, the core issue for Electrum is that it allows "popups with custom text" to trigger in a user's wallet interface. This enables attackers to get direct access to their victim's interface and render authentic-looking server messages like the one below.
According to Electrum's developers, these attacks began on December 21 and while the developers have taken down the hacker's GitHub repository, which contains the malicious code, they have yet to patch the main attack vector. Developers warn that another attack may soon be underway.