Hackers have stolen $22 million from users of the popular bitcoin wallet Electrum by enticing people to install fake software updates, according to an investigation from ZDNet.
The fake updates, which are prompted by popup messages, trick users into installing malware onto their computers. Users have reported that their funds were stolen immediately upon downloading the file.
This technique has been seen before. The Block reported in 2018 that criminals used the same approach to steal over $700k from Electrum wallet users. The new investigation from ZDNet illustrates the extent to which the scheme has persisted throughout 2019 and 2020.
According to ZDNet, the Electrum team has several steps to prevent this kind of attack since it was first detected two years ago. But the attack still works on users operating on older versions of the app.