In line with a recent report ‘published‘, a reportedly ongoing hacking against cryptocurrency wallet Electrum has seen a malicious party steal nearly 250 Bitcoin [BTC] [about $937,000 USD].
Subsequently ‘confirmed‘ by Electrum itself, the attack consists of making an illicit version of the wallet for fooling users into providing personal credentials.
“The hacker setup a full bunch of malicious servers,” Reddit user u/normal_rc explained:
“If someone’s [Electrum wallet] is connected to any of these servers, and try’s to send a Bitcoin [BTC] transaction , they’d see an official-looking message telling them to update their Electrum wallet, along with the scam URL.”
Affected users report making an attempt and failing to log in to their wallets after providing their two-factor authentication code — one thing Electrum doesn’t really request during login. The hackers then empty the wallet balance.
“[W]hen I logged on it asked me for my 2-factor authentication code that i believed was a bit strange as [Electrum] solely asks for the code when you attempt any transfer,” one victim continued in another Reddit post, ‘stating‘:
“I kept making an attempt to send and kept receiving a same error code mentioning ‘max fee exceeded not more than 50 sat/B [satoshi’s per byte]’ I then restored my wallet on a separate laptop and located that my balance had been transferred completely.”
In line with u/normal_rc, many addresses are feeding into one main holding address, that presently contains around ‘245.36 Bitcoin’s [BTC]‘.
Electrum posted concerning the incident on Twitter, stating “there is an going phishing attack against [Electrum users]” and implored users to check the validity of the resource they were signing into.
Mentioning further the tweet continued:
“Our official web-site is https://electrum.org[.] Please don’t transfer Electrum from any other source.”
Wallet hacks are however less frequent than those afflicting on-line exchanges, many of which — most notoriously Japan’s ‘Coincheck‘ — have lost users countless dollars, earlier this year.