Hackers steal 234 BTC from Electrum wallets

The cryptocurrency community suffered another attack from hackers after unknown person(s) managed to steal 243 Bitcoin Core (BTC) (about $750,000) from Electrum wallets.

Reportedly, the hacker or hackers managed to send messages to Electrum users urging them to download a malicious update to their wallets from unauthorized GitHub repository. The hack began on Friday, December 21 and was temporarily stopped today by GitHub administration after they took down the hacker’s GitHub repository.

Hackers added ten malicious servers to the Electrum wallet network to steal the bitcoins. Once a bitcoin transaction initiated by users reached one of these servers, it would send error messages urging the user to update their wallets by following a GitHub link. Upon completion, the updated app would request for a two-factor authentication code. The attackers then used the codes with the help of malicious software to transfer funds from user’s Electrum wallets to their bitcoin address.

Usually, users are not required to provide their two-factor authentication code to log in to their accounts. However, after proving the codes, affected users tried and failed to log in to their accounts.

Electrum posted about the attack on Twitter today stating that there is an ongoing attack against Electrum users. The tweet also requested users to check the validity of the source where they key in their details.

The tweet also stated:

“Our official website is https: //electrum.org [.] Do not download Electrum from any other source,”

Electrum wallet admin did not initially inform the public about the hack but responded by quietly updating the Electrum wallet app, which stopped the message from the hackers. However, some users went ahead and copied the message to download the updates from their browsers. An Electrum developer, SombeNight said that the team did not announce the hack to the public until now because the attack had allegedly stopped.

Although GitHub has removed the repository containing the malicious wallet version, the malicious servers remain on Electrum network. It’s believed that Electrum may soon face yet another attack using the same method or another download location. The core problem is that Electrum servers are allowed to trigger a popup that contains custom text inside user’s wallets.