ETHERLive
ETHERLive delivers real-time price and volume data across 16+ exchanges to users in a clear and easy-to-understand package. Users can get up-to-the-second updates for each exchange/currency pair, as well as aggregated market averages for each exchange, currency, and the market as a whole. It also provides a global converted average of all the currency pairs monitored by ETHNews, converted to USD.

---

24hr ---
--%
Tuesday Jan 22nd 2019
RESOURCES

The Basics

Learn the basics of Ethereum and various cryptocurrency technologies

Learn More

What is Ethereum?

Understand the underlying principles of the Ethereum Platform

Learn More

The Blockchain

Discover the revolutionizing technology known as the blockchain

Learn More
SUBMIT

Press Release

Submit a press release for consideration on ETHNews

Submit Press

Story / Dapp

Submit a story or DAPP to be considered for publication on ETHNews.

Submit Story

Explanation

Submit "Ethereum Explainer" content for consideration to be featured on ETHNews

Submit Topic
ETHNews Logo
---
--%
Home
News
Etherlive
Ether Price Analysis
Resources
Contact Us

200+ Bitcoin Stolen From Electrum Wallet Users Via Hack

By

Dani

Putney

WriterETHNews.com

The hacker used a malicious update to steal users’ funds.

Another attack has hit the cryptospace – this time, the target was the Electrum Bitcoin Wallet. The hacker, or hackers, got away with over 200 Bitcoin (around $718,000 as of press) by urging wallet users to download and install a malicious software update, according to business technology news outlet ZDNet. The hack began last Friday, December 21, and has been temporarily halted by GitHub administrators as of today.

To acquire users' bitcoin, the attacker added several malicious servers to Electrum's network. If an initiated bitcoin transaction reached one of these servers, it would respond with an error message prompting the user to follow a GitHub link to download an update. After download, the updated app would request a two-factor authentication code, which, if provided, would allow the malicious software to transfer the user's funds into the attacker's Bitcoin addresses.

Some users even manually copy-and-pasted the link provided in the error message and downloaded the malicious update via that route.

Although GitHub eventually removed the offending repository, the Electrum team silently responded to the hack beforehand by updating the app so that the fake messages would no longer appear as formatted text, which looks more legitimate than plain text. An Electrum developer, known as SomberNight, said the team did not publicly disclose the attack until today because the hacker had apparently stopped.

However, Electrum anticipates another attack to occur using either a different GitHub repository or another download location. The malicious servers also remain on the Electrum network – in fact, Electrum developers have identified at least 33 of them. The team has not disclosed what it intends to do about these servers.

Dani Putney

Dani is a full-time writer for ETHNews. He received his bachelor's degree in English writing from the University of Nevada, Reno, where he also studied journalism and queer theory. In his free time, he writes poetry, plays the piano, and fangirls over fictional characters. He lives with his partner, three dogs, and two cats in the middle of nowhere, Nevada.

ETHNews is committed to its Editorial Policy

Like what you read? Follow us on Twitter @ETHNews_ to receive the latest Electrum Bitcoin Wallet, SomberNight or other Ethereum wallets and exchanges news.