Search

Someone Just Lost $16M in Bitcoin by Using a Malicious Install of the Electrum Wallet

An Electrum wallet user claims to have lost a fortune in bitcoin after installing an older version of the software from a malicious source.

  • In a Sunday post on GitHub, the individual described the loss of more than 1,400 bitcoin (worth around $16.2 million at press time) as a result of "foolishly" installing an old version of the lightweight wallet.

  • Going by the username "1400BitcoinStolen," they described how a pop-up message asked to update their security prior to being allowed to transfer any funds.

  • Upon installing a purported "security update" for the wallet, it immediately triggered a transfer of the user's entire balance to an address in the possession of a hacker.

  • Binance's CEO Changpeng "CZ" Zhao has moved to blacklist the stolen funds from his exchange, stating users should "beware of this Electrum official update."

  • 1400BitcoinStolen said they had contacted blockchain analytics company Coinfirm for assistance in tracking the bitcoin and were awaiting a response.

  • Electrum has been around since 2011 and has gone through multiple updates while also being unable to stop bad actors exploiting previous versions by Sybil attacks using malicious servers.

  • Another member on the GutHub thread, "gits7r" – who seems to be associated with Electrum – said the problem comes from the decision by the team early on to allow users to "run their own servers or use servers that they trust."

  • If users download a version from a different source than electrum.org and don't check signatures, they may "install a backdoored Electrum," gits7r said.

  • In 2018, the Electrum network suffered such an attack from a bad actor who created multiple fake servers on the Electrum network that saw 245 bitcoin siphoned from unsuspecting victims.


4 views0 comments

Recent Posts

See All