Almost a million dollars in stolen Bitcoin (BTC)
An anonymous hacker (or a group of hackers) has allegedly stolen nearly $1 million in Bitcoin (BTC), reports ZDNet, the technology news outlet. According to the report, Electrum Wallet, a popular open source project founded in mid-June 2011, has been hit by an "intelligent attack".
The attack, which was confirmed by the team behind Electrum, allegedly consisted of a fake message that appeared in users' official Electrum applications, inviting them to visit a site.
If the link was clicked, it would bring victims to an apparently Electrum-branded GitHub repository, which contained a malicious version of Electrum that would steal users' Bitcoin holdings.
There is an ongoing phishing attack against Electrum users. Our official website is https://t.co/aHiZIZH54e Do not download Electrum from any other source. More information on the attack here: https://t.co/x5mPVspKfO
– Electrum (@ElectrumWallet) December 27, 2018
This specific attack reportedly began on December 21st but was recently shut down (perhaps only temporarily) by GitHub administrators, who removed the malicious download files. But how exactly did the attack work?
As explained by ZDNet, the hacker allegedly added dozens of "malicious servers" to the Electrum network, so that when a user tries to make a transaction, the hacker's server responds with an error message asking the user to visit the fake GitHub repository. Once downloaded, the app asks users to enter a 2FA code, which is routed to the attacker, later allowing the transfer of BTC.
Electrum's administrators have reportedly made the message mostly unreadable, so this attack vector is likely on its last legs. However, the fact is that the hackers eventually got over 200 BTC, worth about ~$740,000 at the time of writing. Other reports indicate that the attack has collected over 250 BTC for the hackers, but these numbers have not been confirmed.
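The attack described above relies on a wallet showing server-supplied error text to the user. The following is an added illustration, not Electrum's actual code, of treating that text as untrusted; the function names, server names and sample messages are constructed for this example.

```python
import re

# Assumption: fixed wording shown instead of any suspicious server text.
GENERIC_ERROR = "The server returned an error while broadcasting the transaction."

_CONTROL = re.compile(r"[\x00-\x1f\x7f-\x9f\u200b-\u200f\u202a-\u202e]")
_TAG = re.compile(r"<[^>]*>")                                   # HTML / rich text
_URL = re.compile(r"(?i)\b(?:[a-z][a-z0-9+.\-]*://|www\.)\S+")  # explicit links
_DOMAIN = re.compile(r"(?i)\b(?:[a-z0-9\-]+\.)+[a-z]{2,}(?:/\S*)?")  # bare hosts


def render_server_error(raw, max_len=120):
    """Return (display_text, flagged) for an untrusted server error string."""
    if not isinstance(raw, str):
        return GENERIC_ERROR, True
    text = _CONTROL.sub(" ", raw)
    flagged = False
    for pattern in (_TAG, _URL, _DOMAIN):
        text, hits = pattern.subn(" ", text)
        flagged = flagged or hits > 0
    if flagged:
        # Markup or a link in an error reply is a lure, not a diagnostic:
        # show none of the server's wording.
        return GENERIC_ERROR, True
    text = " ".join(text.split())[:max_len]
    return "Server error: " + text, False


def flag_servers(responses):
    """Return the servers whose error text carried markup or links."""
    return [host for host, msg in responses.items()
            if render_server_error(msg)[1]]


# Constructed sample replies, keyed by (hypothetical) server name.
SAMPLE = {
    "server-a.example": "min relay fee not met",
    "server-b.example": "<b>Update required</b>: get the new version at "
                        "https://wallet-update.example/release",
    "server-c.example": "Please upgrade at wallet-update.example/release",
}

if __name__ == "__main__":
    for host, msg in SAMPLE.items():
        print(host, "->", render_server_error(msg))
    print("servers to drop:", flag_servers(SAMPLE))
```

A client could use the list returned by `flag_servers` to disconnect from servers that send such replies.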
Not the first attack on Electrum
Interestingly, this is not the first time that the popular wallet solution has been attacked by bad actors. Earlier this year, at the beginning of May, Bleeping Computer reported that the Electrum team had seen an unnamed individual/group create a copy of their flagship product, naming it "Electrum Pro".
The app, which closely resembled its bona fide counterpart, was exposed as an attack vector that malicious individuals could exploit, stealing Bitcoin private keys in the process.
In a post-mortem (of sorts) of the attack, which went on for over two months, it was explained that there were a number of glaring red flags. Electrum Pro allegedly used the Electrum brand and logo without permission, while purchasing the rights to the Electrum.com domain, which was almost identical to the .org domain name of the legitimate group.
After the analysis, it was also revealed that the Pro code, in particular lines 223-248 of electrumpro_keystore.py, contained a mechanism that allowed attackers to upload user keys for illicit purposes. While the Electrum Pro attack has been dismantled, the two cases cited show that hackers are still ready to attack the cryptosphere, even in a bear market.