Hackers and cybercriminals always seem to be at least one step ahead of the game. They have the skills, talent, and resources to think outside the box and come up with new ideas to trick systems and users to achieve their objectives: taking over accounts and networks to show their power and to gain financial assets.
The cryptocurrency industry has earned more users with each passing day, but the continued hacking scandals and phishing attacks still loom large as wallet holders are scared of investing big only to see some skilled cybercriminal end up with all the money.
The most recent attack, one that involves phishing, is currently taking place since December 21st, 2018. Hackers have targeted the Electrum Bitcoin wallet, and they have managed to collect around 200 BTC, which would be something in the neighborhood of $750,000. Although some of the victims didn’t even see it coming, the attack can be avoided.
Malicious Servers Caused the Damage
The Electrum wallet does not ask the customer to download the full blockchain. Its modus operandi involves the implementation of servers that remotely provide users with the blockchain, gaining access to it through the wallet. Several wallets use that approach, as well, and Bitcoin Cash, Litecoin, Dogecoin, and Dash versions have been forked in the past.
The hackers added malicious servers in the Electrum network: when wallet holders attempted to perform a BTC transaction over one of those servers, the interface showed a message telling the person to download an update because of an “error.”
At that moment, the person is redirected to the cybercriminal’s GitHub page, and if the user downloads the update, its system would allow the installation of malware, which subsequently urged users to provide their 2FA (two-factor authentication) codes, letting the hackers use them and take all the BTC via fund transfer to their bitcoin address.
“There is an ongoing phishing attack against Electrum users. Our official website is https://electrum.org Do not download Electrum from any other source”; this was the message that the company wrote on its Twitter account, @ElectrumWallet.
As of now, Electrum has modified its software and released an update. According to the Electrum Github repository, “we did not publicly disclose this until now, as around the time of the 3.3.2 release, the attacker stopped; however they now started the attack again.”
Red Flags
The fact that the interface asks the user for 2FA at the moment of downloading the malware should be a clear sign that something is not right, because two-factor authentication is normally requested only to perform any transaction within the Bitcoin wallet.
The Electrum phishing attack is not the first one that the crypto industry has endured, and sadly, it does not seem like it will be the last. As a McAfee report showed a few days ago, the recurrence of malware attacks in crypto users is dramatically rising: in 2018, incidents regarding crypto malware have increased more than 4,000 percent.
By Andres Chavez
