
The fatal pop-up – Hackers are always on the lookout to steal crypto-currencies wherever they can. This time it was users of the Electrum wallet who fell victim to a fake update window.

2,200 BTCs stolen with an old technique

What could be more annoying than update pop-ups, whose window suddenly appears and interrupts whatever you were doing? Unfortunately, not paying attention to the content of these messages, and especially to the links they point to, has cost cryptocurrency holders using the Electrum wallet a fortune.

An investigation by the ZDNet site revisits a rather simple but vicious technique that hackers have been using since late 2018.

When they open an old version of the Electrum application (newer versions have patched this flaw), soon-to-be victims see a pop-up asking them to install an unexpected update. If they accept it, what they actually download is malware that mimics the appearance of Electrum.

When this fake wallet is launched, it asks the user for a one-time access code (OTP). The official version also requests this code, but only when sending a transaction. By entering the code, the victim actually authorizes the fake wallet to send all of their funds to the hacker's account.

The hackers' wallets using this technique have thus managed to divert a total of 2,182 bitcoins, or about $25 million.
A careless mistake that a few seconds of checking would have prevented.

One Electrum user alone reported losing 1,400 BTC (nearly $16 million). However, the messages visibly contained bad Internet links, which did not correspond to the official Electrum site. As can be seen below: "electrumsite.com" instead of "electrum.org".
Malicious pop-up referring the user to a fake Electrum site and wallet

The Electrum team has set up a blacklist system against the ElectrumX servers used by hackers to push these false update messages. Similarly, a patch now prevents messages sent by servers from being displayed to wallet users as HTML pop-ups.

When you update your wallets, make sure you do it correctly! It's better to "waste" a few minutes making sure you're on the official project site than to lose all your precious bitcoins.
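The two defensive points above, that a server-pushed notice should never be rendered as HTML and that a link in such a notice is only trustworthy if it really leads to the official site, can be expressed as a small check. The following Python is an added illustration, not Electrum's own code: the official domain "electrum.org" and the look-alike "electrumsite.com" come from the article, while the sample message text and the other hostnames (such as "electrum.org.evil.example") are constructed for the example.

```python
"""Added, illustrative defensive checks (not Electrum's own code).

Idea 1: a message pushed by a server is shown as plain text, never as HTML,
so it cannot carry a clickable link or styling into the wallet window.
Idea 2: a URL found in such a message counts as official only if its host
is exactly the project domain or a subdomain of it, compared on whole
DNS labels, so look-alike names are rejected.
"""
import html
import re
from urllib.parse import urlparse

OFFICIAL_DOMAIN = "electrum.org"  # named in the article as the genuine site

# Constructed sample of a fake update notice, modelled on the article's
# description (not the actual message the attackers sent).
SAMPLE_NOTICE = (
    "Security update required! Download the new version from "
    '<a href="https://electrumsite.com/update">here</a> now.'
)

_URL_RE = re.compile(r"https?://[^\s\"'<>]+")


def host_is_official(url: str, official: str = OFFICIAL_DOMAIN) -> bool:
    """True only if the URL uses https and its host is the official domain
    or one of its subdomains.  'electrumsite.com' (from the article) and a
    constructed 'electrum.org.evil.example' both fail, because the comparison
    is against the whole label '.electrum.org', not a substring.  A userinfo
    trick such as 'https://electrum.org@evil.example/' also fails, since
    urlparse().hostname returns the part after the '@'."""
    parsed = urlparse(url.strip())
    if parsed.scheme != "https" or not parsed.hostname:
        return False
    host = parsed.hostname.lower().rstrip(".")
    return host == official or host.endswith("." + official)


def render_server_message(raw: str) -> str:
    """Escape a server-pushed message so it is displayed as literal text:
    any <a>, <script> or style markup becomes harmless visible characters."""
    return html.escape(raw, quote=True)


def classify_message(raw: str):
    """Return (safe_text, flagged_urls): the escaped message plus every link
    in it whose host is not the official domain.  A wallet UI could show the
    text and refuse to offer the flagged links at all."""
    urls = _URL_RE.findall(raw)
    flagged = [u for u in urls if not host_is_official(u)]
    return render_server_message(raw), flagged


if __name__ == "__main__":
    text, flagged = classify_message(SAMPLE_NOTICE)
    print("Displayed as:", text)
    print("Suspicious links:", flagged)
```

The design choice worth noting is the label-wise comparison in `host_is_official`: a naive `"electrum.org" in host` test would accept both "electrumsite.com"-style names that merely contain the brand and "electrum.org.evil.example"-style names where the brand is a prefix, whereas requiring an exact match or a `.electrum.org` suffix accepts only the real domain and its subdomains.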

Monika