THELOGICALINDIAN - Hackers managed to steal close to $900,000 worth of Bitcoin from Electrum wallet users via a phishing attack. While the attacks seem to have come to a halt, Electrum devs say the hackers can launch new exploits since the issue hasn't been permanently fixed.
Fake Electrum Wallet ‘Update’ Phishing Attack
The news of the attack first appeared on GitHub via one of Electrum’s developers, code-named SomberNight. Starting on Friday (Dec. 21, 2018), hackers began tricking Electrum wallet users into downloading an update, which turned out to be from a malicious source.
The hackers added a bunch of malicious servers to the main network of the Electrum wallet. Once a user initiates a BTC transaction that reaches one of these servers, an error message pops up. This error message tries to trick them into downloading a fake Electrum wallet app.
If the user falls victim and downloads the malicious wallet, a message asking for two-factor authentication (2FA) shows up. This occurrence is abnormal given that 2FA only comes into play when sending BTC, not when starting up the wallet. Once the user gives up their 2FA code, the hackers can transfer all the Bitcoin in the wallet.
As at press time, the hackers seem to have consolidated their loot into one BTC address which holds about 243 BTC (over $890,000).
Similar Attacks Will Likely Continue
CasaHodl CTO Jameson Lopp, a veteran software developer, explained that users who connect to their Electrum server were unaffected by the hack.
“A sybil malware attack is ongoing against Electrum Wallet users,” he cautioned on Twitter.
Several comments on Reddit also back up Lopp’s statements, saying that those running full nodes have no reason to worry.
Update ONLY From the Official Electrum Website
Meanwhile, the Electrum devs are urging users not to download any update from a source other than the official website. Responding to the attacks, the project team updated the wallet app with a new upgrade that prevents the rendering of rich HTML text.
Commenting on this effort, SomberNight said:
A more lasting solution would be to eliminate the ability to send customized error messages. This would prevent hackers from being able to send error codes that the wallet can resolve into a message advising a specific action.
Without taking such steps, the hackers can continue the phishing attack. With a new download link, they can continue the attacks, seeing as the project team says there are about 50 malicious servers.
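The two fixes described above, shown side by side as an added example (not Electrum's actual code): the reply shape, the code table and the function names are assumptions made for illustration.

```python
import html

# Hypothetical code table: every string the user sees ships with the wallet.
LOCAL_MESSAGES = {
    1: "The server rejected the transaction.",
    2: "The transaction fee is too low.",
    3: "The transaction conflicts with one already broadcast.",
}
GENERIC = "The server reported an error while broadcasting the transaction."


def message_from_code(reply):
    """Lasting fix: ignore server-supplied text and look the code up locally."""
    code = reply.get("code") if isinstance(reply, dict) else None
    # bool is a subclass of int in Python, so exclude it explicitly.
    if isinstance(code, bool) or not isinstance(code, int):
        return GENERIC
    return LOCAL_MESSAGES.get(code, GENERIC)


def plain_text_only(server_text, limit=120):
    """Interim mitigation: show server text as inert, length-capped plain text."""
    if not isinstance(server_text, str):
        return GENERIC
    # Drop control characters (including newlines) that could restyle a dialog.
    cleaned = "".join(ch for ch in server_text if ch.isprintable())
    # Escape markup so a rich-text widget displays tags instead of rendering them.
    # The wording itself is still chosen by the server, which is why this is
    # only a mitigation and the code table above is the lasting fix.
    return "Server said: " + html.escape(cleaned[:limit], quote=True)


# Constructed sample reply imitating the lure described above (not captured data).
SAMPLE_REPLY = {
    "code": 2,
    "message": '<b>Update required.</b> '
               '<a href="https://updates.example.invalid/">Download</a>',
}

if __name__ == "__main__":
    print(message_from_code(SAMPLE_REPLY))
    print(plain_text_only(SAMPLE_REPLY["message"]))
```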
Phishing attacks are one of the many means used by cybercriminals to steal cryptocurrency. In September, Bitcoinist reported on the use of fake websites in Singapore to steal credit card information.
Do you think the Electrum devs will be able to find a lasting solution to this new phishing hack? Please share your thoughts with us in the comments below.
Image courtesy of GitHub and Twitter (@lopp).