
SoylentNews is people

posted by martyb on Friday December 28 2018, @01:52AM
from the Zapped! dept.

Submitted via IRC for SoyCow1984

Users report losing Bitcoin in clever hack of Electrum wallets | ZDNet

A hacker (or hacker group) has made over 200 Bitcoin (circa $750,000 at today's exchange) using a clever attack on the infrastructure of the Electrum Bitcoin wallet.

The attack resulted in legitimate Electrum wallet apps showing a message on users' computers, urging them to download a malicious wallet update from an unauthorized GitHub repository.

The attack began last week on Friday, December 21, and appears to have been temporarily stopped earlier today after GitHub admins took down the hacker's GitHub repository.

Admins of the Electrum wallet expect a new attack to soon get underway, with either a new GitHub repo or a link to another download location altogether.

This is because the vulnerability at the heart of this attack has remained unpatched, although Electrum wallet admins have taken steps to mitigate its usability for the attacker.

How the attack works:

  • Attacker added tens of malicious servers to the Electrum wallet network.
  • Users of legitimate Electrum wallets initiate a Bitcoin transaction.
  • If the transaction reaches one of the malicious servers, these servers reply with an error message that urges users to download a wallet app update from a malicious website (GitHub repo).
  • User clicks the link and downloads the malicious update.
  • When the user opens the malicious Electrum wallet, the app asks the user for a two-factor authentication (2FA) code. This is a red flag, as these 2FA codes are only requested before sending funds, and not at wallet startup.
  • The malicious Electrum wallet uses the 2FA code to steal the user's funds and transfer them to the attacker's Bitcoin addresses.

The problem here is that Electrum servers are allowed to trigger popups with custom text inside users' wallets.
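
The root problem named above, server-controlled popup text, set beside a hardened handling of the same reply. This is an added Python example, not Electrum's code and not from the article; the reject-reason allowlist, the function names and the sample replies are constructed assumptions.

```python
import re

# Constructed allowlist (assumption): reject-reason substrings a wallet expects
# after a failed broadcast, each mapped to fixed client-side wording.
KNOWN_REJECTS = {
    "dust": "Transaction rejected: an output is below the dust limit.",
    "insufficient fee": "Transaction rejected: the fee is too low.",
    "txn-mempool-conflict": "Transaction rejected: it conflicts with a pending one.",
    "missing-inputs": "Transaction rejected: inputs are missing or already spent.",
}
GENERIC = "The server rejected the transaction without a recognised reason."

# Indicators worth logging when a server reply reads like a lure, not an error.
INDICATORS = [
    ("url", re.compile(r"(?i)\b(?:https?://|www\.)\S+")),
    ("markup", re.compile(r"<[^>]+>")),
    ("update-lure", re.compile(r"(?i)\b(?:update|upgrade|download|install)\b")),
]

def naive_popup_text(server_msg: str) -> str:
    """Behaviour the article describes: server text reaches the popup verbatim."""
    return server_msg

def safe_popup_text(server_msg: str) -> str:
    """Never echo server text; choose wording that the client itself owns."""
    lowered = server_msg.lower()
    for needle, fixed_text in KNOWN_REJECTS.items():
        if needle in lowered:
            return fixed_text
    return GENERIC

def suspicious_indicators(server_msg: str) -> list:
    """Names of lure indicators found in a server reply, for logging or alerting."""
    return [name for name, rx in INDICATORS if rx.search(server_msg)]

# Constructed sample replies (not captured from the real incident).
PHISH = ("Security update required. Download the new wallet from "
         "https://example.invalid/wallet-update before sending.")
HONEST = "error code 64: dust"

if __name__ == "__main__":
    for msg in (PHISH, HONEST):
        print(repr(naive_popup_text(msg)), "->", safe_popup_text(msg),
              suspicious_indicators(msg))
```

With the hardened path, the link in a hostile reply never reaches the user, and the indicator list gives operators something to alert on when a server starts returning lure-shaped errors.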


  • (Score: 0) by Anonymous Coward on Friday December 28 2018, @02:55AM (#779211)

    The Zimbabwe dollar?