Coindesk Logo

Electrum Wallet Attack May Have Stolen As Much as 245 Bitcoin

Electrum Wallet Attack May Have Stolen As Much as 245 Bitcoin

Electrum Wallet Attack May Have Stolen As Much as 245 Bitcoin

A phishing attack on the Electrum wallet network has reportedly managed to steal bitcoin worth over $800,000.

A phishing attack on the Electrum wallet network has reportedly managed to steal bitcoin worth over $800,000.

A phishing attack on the Electrum wallet network has reportedly managed to steal bitcoin worth over $800,000.

AccessTimeIconDec 28, 2018, 11:02 AM
Updated Aug 16, 2021, 11:57 AM

Presented By Icon

Election 2024 coverage presented by

Stand with crypto

A phishing attack on the Electrum wallet network has possibly managed to steal around 245 bitcoins, worth over $880,000 at today's prices.

Warning of the attack on Thursday, the firm tweeted: “There is an ongoing phishing attack against Electrum users. Our official website is https://electrum.org Do not download Electrum from any other source.”

The bad actor set up the attack by creating multiple fake servers on the Electrum wallet network. As a result, when wallet users that connected to those servers attempted to broadcast a bitcoin transaction, they received an error message providing a malicious link to malware disguised as an updated wallet, the firm explained on its Github page.

Electrum said that "To make the attack more effective, the attacker is creating lots of servers (sybils), hence increasing the chance a client would connect to him."

Fake alert created by the attacker (via Electrum GitHub page)

A Reddit user posted a bitcoin address Thursday that they said the attacker is using to consolidate the stolen cryptocurrency from several addresses used in the attacks. If true, 245 BTC have been taken in this attack, an amount worth $884,000 at press time.

Electrum has moved to mitigate the problem and has released a new version of its wallet 3.3.2, it said on the Github page, adding that “This is not a true fix, but the more proper fix of using error codes would entail upgrading the whole federated server ecosystem out there.”

The firm explained:

“We did not publicly disclose this until now, as around the time of the 3.3.2 release, the attacker stopped; however they now started the attack again.”

Instances of cryptocurrency hacks are fast on the rise as criminals seek an easy path to rich rewards.

According to a recent report from blockchain security firm CipherTrace, nearly $1 billion in cryptos have been stolen so far this year. Another report from McAfee showed that there were nearly four million new mining malware threats in the third quarter of 2018 alone, compared to less than 500,000 in 2017 and 2016.

Hacker image via Shutterstock

Disclosure

Please note that our privacy policy, terms of use, cookies, and do not sell my personal information have been updated.

CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. CoinDesk has adopted a set of principles aimed at ensuring the integrity, editorial independence and freedom from bias of its publications. CoinDesk is part of the Bullish group, which owns and invests in digital asset businesses and digital assets. CoinDesk employees, including journalists, may receive Bullish group equity-based compensation. Bullish was incubated by technology investor Block.one.


Learn more about Consensus 2024, CoinDesk's longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to consensus.coindesk.com to register and buy your pass now.