Coinfirm documents interesting or high-profile frauds and hacks that have recently happened and been reported to our networks, to show how Coinfirm can help track them and prevent them in the future. Today we investigate the phishing attack on the Electrum wallet.
A new phishing attack vector has surfaced in the last few days of 2018. The hacker targeted the popular Electrum wallet trying to get the users to download a fake update, which would then proceed to steal all of the users’ funds.
The hacker reportedly set up a large number of Electrum servers (a Sybil attack) and, thanks to the servers' ability to push messages to clients, which were displayed as rich text, was able to send a fake error message prompting users to install a security upgrade. The link was cleverly disguised to look like the official GitHub URL.
It is important to keep in mind that the Electrum wallet itself was not compromised: the attack only works if the victim installs the fake Electrum client and provides it with their seed and passwords. The developers have already removed the rich text display from their newest release, so that messages relayed by nodes no longer look as convincing.
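An added example, not Coinfirm's or the Electrum project's code, of the defensive idea in the two paragraphs above: treat server-relayed messages as untrusted, never render them as rich text, and flag links whose visible text is a URL on a different host than the real target. The sample message and the host names in it are constructed.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample of a rich-text "update" prompt as a rogue server could relay it:
# the visible text shows the official GitHub URL, the href points somewhere else.
SAMPLE_MESSAGE = (
    "Your Electrum version is outdated. Please update at "
    '<a href="http://update.example.invalid/electrum">https://github.com/spesmilo/electrum</a>'
)


class _LinkCollector(HTMLParser):
    """Collects (href, visible anchor text) pairs from an HTML fragment."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text)))
            self._href = None


def render_untrusted(message: str) -> str:
    """Escape markup before handing a server message to a widget that would
    otherwise interpret it as rich text; a disguised link is then shown raw."""
    return escape(message, quote=False)


def disguised_links(message: str) -> list:
    """Return hrefs whose anchor text is itself a URL on a different host."""
    p = _LinkCollector()
    p.feed(message)
    hits = []
    for href, text in p.links:
        shown, real = urlparse(text.strip()), urlparse(href.strip())
        if shown.scheme in ("http", "https") and shown.netloc and shown.netloc != real.netloc:
            hits.append(href)
    return hits
```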
The attack started on Dec 21 but was not publicly disclosed until the latest release of the wallet software, so as not to encourage further attacks. Since then the attacks have continued on and off, with varying phishing messages.
As of the time of reporting, the attacker has stolen around 243 BTC (which is nearly $900K).
As there is no easy way of preventing such attacks without fully centralizing the nodes, users must remain vigilant and spread awareness of such attacks in order to protect others.
Below you can see an AML Risk Report generated for the attacker's address. Any entity using the Coinfirm AML Platform can now not only see the risk of the associated address and funds but also limit their exposure to it, along with that of their clients, partners and users, protecting the crypto economy as a whole.
The Coinfirm Team