Sophisticated botnet attacks Electrum stealing millions of dollars

A sophisticated botnet has launched an attack on Electrum, the popular Bitcoin Core (BTC) wallet. The firm reported the attack on Twitter, revealing that it was a denial-of-service (DoS) attack. It also assured its users that its team was “working on a more robust version of the electrum server.”

The attack was perpetrated by a sophisticated botnet that had the power of more than 140,000 machines. The botnet directed massive traffic to Electrum servers, denying Electrum users access to them. It then directed the users to their compromised servers.

According to a report by The Next Web, the hackers had even “deployed their own Electrum servers hosting “backdoored” versions of the Electrum client en masse.” Users who connected their Electrum wallets with the compromised servers were instructed to update their client immediately. In doing so, the users unknowingly installed the hacked version of the wallet. Having updated their wallets, they lost all the tokens on their old versions.

Speaking to TNW, Electrum’s lead developer Thomas Voegtlin assured users that the team was working to resolve the issue. He hoped that they would have restored their servers in a few days. He also warned the users that they could face service interruptions as his team tried to handle the massive traffic directed to their servers by the botnet.

Citing an unnamed cyber security expert, the report further indicated that the attack could be retaliation by hackers whose efforts had been thwarted previously. The Electrum team had managed to successfully bring down a phishing attack that had targeted their users. The attackers had been using a trojan which security firm Malware Bytes named electrum stealer. However, it wasn’t before the hackers made away with millions of dollars’ worth of BTC.

The Electrum team had updated their wallets and some servers to protect their users from the phishing scam. However, the wallet doesn’t have an auto-update option and users have to manually update their wallets. Expectedly, not all users updated their wallets. It was these users who were still using older versions of the wallet that the new attack targeted.

The security expert told TNW:

“The total amount stolen is in the millions of dollars so far, with a single person alone losing almost $140,000, based on our analysis. The DoS attacks are a new level, which only began about a week ago. People have seen 25 Gigabits per second worth of traffic being flooded at community run servers.”

Electrum advised its users to only download their software from the official website, electrum.org. They can also use the official GitHub repositories. This is the main way they can protect themselves from the attack.