Electrum Becomes The Subject Of Ongoing Attack, Resulting In Nearly 250 Bitcoin Stolen (So Far)

One of the most publicized problems in the cryptocurrency industry is the way that hacking keeps stealing money from it. Whether there is an online scam to passively steal customer funds, or an outright attack, the industry has been plagued with multiple issues in this category. Though the year is almost over, hackers aren’t taking a break as the Electrum crypto wallets became the latest subject.

In an ongoing hack, the Electrum platform has already seen nearly 250 Bitcoin stolen from its wallets, which amounts to almost $1 million. The hacking has already been confirmed directly by Electrum already, saying that the hackers have developed a false version of the wallet, making users believe that they are inputting their password information into the real website.

One Reddit user explained exactly what was happening:

“The hacker setup a whole bunch of malicious servers. If someone’s Electrum wallet connected to one of those services, and tried to send a BTC transaction, they would see an official-looking message telling them to update their Electrum Wallet, along with a scam URL.”

Many of the users that have already noticed the breach have been failing to lot into their wallets, despite following the two-factor authentication process. However, this process is not a part of the requirements for logging into Electrum, which is another sign of the scam. From that point, the hackers are capable of pulling all of the funds from the wallet.

Another victim posted to Reddit, saying,

“[W]hen I logged on it immediately asked me for my 2-factor code which I thought was a little strange as well as Electrum usually only asks for that when you attempt to send. I kept trying to send and kept getting an error code ‘max fee exceeded no more than 50 sat/B [satoshis per byte]’ I then restored my wallet on a separate pc and found that my balance had been transferred out in full[.]”

So far, the withdrawals from the wallets are all going into one central address to hold the funds, and they have already collected 243 BTC. When Electrum posted about this hack on Twitter, they urged users to always check their resource to make sure they are at the Electrum website, noting the “ongoing phishing attack against their users.”

The tweet added,

“Our official website is https://electrum.org[.] Do not download Electrum from any other source.”

209 +