skip to Main Content
bitcoin
Bitcoin (BTC) $ 76,130.40 1.53%
vested-xor
Vested XOR (VXOR) $ 3,405.08 99,999.99%
ethereum
Ethereum (ETH) $ 2,939.73 4.31%
tether
Tether (USDT) $ 1.00 0.05%
solana
Solana (SOL) $ 203.06 8.20%
bnb
BNB (BNB) $ 598.70 0.77%
usd-coin
USDC (USDC) $ 1.00 0.03%
xrp
XRP (XRP) $ 0.552487 0.69%
dogecoin
Dogecoin (DOGE) $ 0.198864 4.33%
staked-ether
Lido Staked Ether (STETH) $ 2,935.98 4.22%

Phishing Attack on Electrum Wallet Nets Hacker Almost $1 Million in Hours, Report

A reportedly ongoing hack against cryptocurrency wallet Electrum has seen a malicious party steal almost 250 Bitcoin (BTC) (about $937,000), commentators reported on social media Dec. 27.

Subsequently confirmed by Electrum itself, the attack consists of creating a fake version of the wallet that fools users into providing password information.

“The hacker setup a whole bunch of malicious servers,” Reddit user u/normal_rc explained:

“If someone’s Electrum Wallet connected to one of those servers, and tried to send a BTC transaction, they would see an official-looking message telling them to update their Electrum Wallet, along with a scam URL.”

Affected users report trying and failing to log in to their wallets after providing their two-factor authentication code — something Electrum does not in fact request during login. The hackers then empty the wallet balance.

“[W]hen I logged on it immediately asked me for my 2 factor code which I thought was a little strange as well as Electrum usually only asks for that when you attempt to send,” one victim continued in another Reddit post, adding:

“I kept trying to send and kept getting an error code ‘max fee exceeded no more than 50 sat/B [satoshis per byte]’ I then restored my wallet on a separate pc and found that my balance had been transferred out in full[.]”

According to u/normal_rc, several addresses are feeding into one main holding address, which currently contains 243 BTC.

Electrum posted about the incident on Twitter today, stating “[t]here is an ongoing phishing attack against Electrum users” and implored users to check the validity of the resource they were logging into.

“Our official website is https://electrum.org[.] Do not download Electrum from any other source,” the tweet continued.

Wallet hacks are less frequent than those afflicting online exchanges, several of which — most notoriously Japan’s Coincheck — have lost users hundreds of millions of dollars in 2018.

Loading data ...
Comparison
View chart compare
View table compare
Back To Top