Users report losing Bitcoin in clever hack of Electrum wallets | ZDNet
A hacker (or hacker group) has made over 200 Bitcoin (circa $750,000 at today's exchange rate) using a clever attack on the infrastructure of the Electrum Bitcoin wallet.
The attack resulted in legitimate Electrum wallet apps showing a message on users' computers, urging them to download a malicious wallet update from an unauthorized GitHub repository.
The attack began last week on Friday, December 21, and appears to have been temporarily stopped earlier today after GitHub admins took down the hacker's GitHub repository.
Admins of the Electrum wallet expect a new attack to soon get underway, with either a new GitHub repo or a link to another download location altogether.
This is because the vulnerability at the heart of this attack remains unpatched, although Electrum wallet admins have taken steps to make it harder for the attacker to exploit.
How the attack works:
- The attacker added tens of malicious servers to the Electrum wallet network.
- Users of legitimate Electrum wallets initiate a Bitcoin transaction.
- If the transaction is sent through one of the malicious servers, that server replies with an error message urging the user to download a wallet app update from a malicious website (a GitHub repo).
- User clicks the link and downloads the malicious update.
- When the user opens the malicious Electrum wallet, the app asks the user for a two-factor authentication (2FA) code. This is a red flag, as these 2FA codes are only requested before sending funds, and not at wallet startup.
- The malicious Electrum wallet uses the 2FA code to steal the user's funds and transfer them to the attacker's Bitcoin addresses.
The problem here is that Electrum servers are allowed to trigger popups with custom text inside users' wallets.
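The weakness the article describes is that text chosen by an untrusted server is rendered, links included, in the user's wallet UI. The following is an added example, not code from Electrum or from the article, showing how a client can treat a server-supplied error message as untrusted data: parse the JSON-RPC reply, refuse to display anything containing markup or a URL, escape what remains, and keep a per-server tally so a server that keeps trying to inject links can be dropped. The sample replies, the server names and the helper names (`classify_server_error`, `ServerWatch`) are constructed for this example.

```python
import html
import json
import re
from collections import Counter

# Constructed sample replies in the shape of a JSON-RPC error response.
# The first mimics a server pushing a download link into the client's UI;
# the link and wording are made up for this example.
SAMPLE_MALICIOUS_REPLY = json.dumps({
    "jsonrpc": "2.0",
    "id": 7,
    "error": {
        "code": 1,
        "message": 'Please update your wallet: <a href="https://example.invalid/update">'
                   "https://example.invalid/update</a>",
    },
})

# A plausible, harmless rejection a server might legitimately send.
SAMPLE_BENIGN_REPLY = json.dumps({
    "jsonrpc": "2.0",
    "id": 8,
    "error": {"code": 1, "message": "insufficient fee: 1 sat/byte below minimum relay fee"},
})

URL_RE = re.compile(r"(https?://|www\.)", re.IGNORECASE)
TAG_RE = re.compile(r"<[^>]+>")
MAX_MESSAGE_LEN = 200

# What the UI shows instead of the server's own words whenever the reply
# looks like an attempt to steer the user somewhere.
GENERIC_MESSAGE = (
    "The server rejected the transaction. No action is required; "
    "the wallet never asks you to download updates via a server message."
)


def classify_server_error(raw_reply: str) -> dict:
    """Parse a JSON-RPC error reply and decide what the UI is allowed to show.

    Returns a dict with:
      suspicious - True if the message must not be shown verbatim
      display    - the text that is safe to render (escaped, plain text)
      reasons    - why the message was rejected, if it was
    """
    try:
        reply = json.loads(raw_reply)
        message = str(reply["error"]["message"])
    except (ValueError, KeyError, TypeError):
        return {"suspicious": True, "display": GENERIC_MESSAGE, "reasons": ["malformed reply"]}

    reasons = []
    if TAG_RE.search(message):
        reasons.append("markup in message")
    if URL_RE.search(message):
        reasons.append("url in message")
    if len(message) > MAX_MESSAGE_LEN:
        reasons.append("oversized message")

    if reasons:
        return {"suspicious": True, "display": GENERIC_MESSAGE, "reasons": reasons}

    # Plain text only: escape it so a rich-text widget cannot interpret it.
    return {"suspicious": False, "display": html.escape(message), "reasons": []}


class ServerWatch:
    """Tally suspicious replies per server so the client can stop using a
    server that repeatedly tries to inject links into the UI."""

    def __init__(self, threshold: int = 1):
        self.threshold = threshold
        self.counts = Counter()

    def record(self, server: str, verdict: dict) -> None:
        if verdict["suspicious"]:
            self.counts[server] += 1

    def servers_to_drop(self) -> list:
        """Servers whose suspicious-reply count reached the threshold."""
        return sorted(s for s, n in self.counts.items() if n >= self.threshold)


if __name__ == "__main__":
    watch = ServerWatch()
    for server, raw in (("srv-a.example:50002", SAMPLE_MALICIOUS_REPLY),
                        ("srv-b.example:50002", SAMPLE_BENIGN_REPLY)):
        verdict = classify_server_error(raw)
        watch.record(server, verdict)
        print(server, verdict)
    print("drop:", watch.servers_to_drop())
```

The point of the design is that the server chooses at most a reason code; the client, not the server, decides the wording the user sees, and anything resembling a link is never rendered at all.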
(Score: 0) by Anonymous Coward on Friday December 28, @02:09AM (2 children)
Ethereum is like Hillary's email...
(Score: 0) by Anonymous Coward on Friday December 28, @02:12AM
Electrum, ethereum, Zimbabwe dollars... guess which one will have value in two years.
(Score: 2) by MostCynical on Friday December 28, @02:25AM
weirdly, if anything, Hillary's server was more secure than Electrum's
