Another attack has hit the cryptospace – this time, the target was the Electrum Bitcoin Wallet. The hacker, or hackers, got away with over 200 Bitcoin (around $718,000 as of press) by urging wallet users to download and install a malicious software update, according to business technology news outlet ZDNet. The hack began last Friday, December 21, and has been temporarily halted by GitHub administrators as of today.
To acquire users' bitcoin, the attacker added several malicious servers to Electrum's network. If an initiated bitcoin transaction reached one of these servers, it would respond with an error message prompting the user to follow a GitHub link to download an update. After download, the updated app would request a two-factor authentication code, which, if provided, would allow the malicious software to transfer the user's funds into the attacker's Bitcoin addresses.
Some users even manually copy-and-pasted the link provided in the error message and downloaded the malicious update via that route.
Although GitHub eventually removed the offending repository, the Electrum team silently responded to the hack beforehand by updating the app so that the fake messages would no longer appear as formatted text, which looks more legitimate than plain text. An Electrum developer, known as SomberNight, said the team did not publicly disclose the attack until today because the hacker had apparently stopped.
However, Electrum anticipates another attack to occur using either a different GitHub repository or another download location. The malicious servers also remain on the Electrum network – in fact, Electrum developers have identified at least 33 of them. The team has not disclosed what it intends to do about these servers.