Two users of Electrum software wallet have recently reported the loss of large amounts of Bitcoin (BTC). One of the victims described the disappearance of 1,400 BTC, for a total of $14,595,000 at the close of this edition, while another claimed that 36.5 BTC, worth $380,512, had been stolen. The facts seem to be related to a long-standing phishing scam that has affected Electrum users since 2018.
„Users should be careful when dealing with their own keys, particularly when they are storing the keys to a purse with a large amount of crypto currency, as it makes them attractive to hackers,“ Jason Lau, the director of operations for the OKCoin crypto currency exchange, told Cointelegraph in response to the hacking of 1,400 BTC, adding
„In this incident, it appears that a phishing attack led the user to install an update that gave the hacker access to the private keys and funds. Phishing scams are very common in all types of financial applications, and continue to evolve in levels of sophistication“.
Cryptojacking is back; attacks are up by 163%.
Searching in the past
The initial news of a phishing scam that impacted Electrum’s purse made headlines for the first time on 27 December 2018, with nearly one million dollars reported stolen. „The hacker installed many malicious servers“, said a Reddit user who was advertising the hack.
Essentially, the hacker drove users to a malicious Web page through the servers, inciting them to enter private data, which in turn put the nefarious person behind the scheme in control of their assets. The scam also involved an update of the fake wallet that downloaded the malware onto the victims‘ devices, as detailed in another Reddit article.
At the time of the Cointelegraph report in December 2018, the address of the purse associated with the scam contained 243 BTCs. Looking at the address today reveals that 637.44 BTCs visited and left the now-empty wallet.
In the months after Electrum’s phishing became public, the purse’s difficulties have continued, including a denial of service attack that looked very similar to the aforementioned 2018 phishing scam, also leading victims astray with fake software updates.
A $1 million bribe at Bitcoin ends in conspiracy charges for a Russian citizen