Hackers Steal 250 BTC from Electrum Bitcoin Wallets

It seems that popular Bitcoin Bitcoin While some may still be wondering what is Bitcoin, who created Bitcoin, or how does Bitcoin work, one thing is certain: Bitcoin has changed the world.No one can remain indifferent to this revolutionary, decentralized, digital asset nor to its blockchain technology.In fact, we’ve gone a long way ever since a Florida resident Laszlo Hanyecz made BTC’s first official commercial transaction with a real company by trading 10,000 Bitcoins for 2 pizzas at his local Papa John’s.One could now argue that While some may still be wondering what is Bitcoin, who created Bitcoin, or how does Bitcoin work, one thing is certain: Bitcoin has changed the world.No one can remain indifferent to this revolutionary, decentralized, digital asset nor to its blockchain technology.In fact, we’ve gone a long way ever since a Florida resident Laszlo Hanyecz made BTC’s first official commercial transaction with a real company by trading 10,000 Bitcoins for 2 pizzas at his local Papa John’s.One could now argue that Read this Term wallet Electrum is having issues. A litany of concerned users are reporting their wallets have suddenly been drained out – without any notification or action on their side.

At least 240 BTC (worth around $1 million) was transferred to several Blockchain Blockchain Blockchain comprises a digital network of blocks with a comprehensive ledger of transactions made in a cryptocurrency such as Bitcoin or other altcoins.One of the signature features of blockchain is that it is maintained across more than one computer. The ledger can be public or private (permissioned). In this sense, blockchain is immune to the manipulation of data, making it not only open but verifiable. Because a blockchain is stored across a network of computers, it is very difficult to tamp Blockchain comprises a digital network of blocks with a comprehensive ledger of transactions made in a cryptocurrency such as Bitcoin or other altcoins.One of the signature features of blockchain is that it is maintained across more than one computer. The ledger can be public or private (permissioned). In this sense, blockchain is immune to the manipulation of data, making it not only open but verifiable. Because a blockchain is stored across a network of computers, it is very difficult to tamp Read this Term wallets (14MVEf1X4Qmrpxx6oASqzYzJQZUwwG7Fb5) which were then consolidated and moved to another address (1MkM9Q6xo5AHZkLv2sTGLYb3zVreE6wBkj).

Electrum users immediately began warning one another on Twitter and Reddit. They said when ‎the user opens his wallet app, he will be redirected ‎to download a fake update on a resource similar in design, but created by scammers. When ‎entering a login and password, the site steals funds from user ‎accounts.‎

According to the multitude of Reddit posts, a hacker (or hacker group) set up tens of malicious servers to the Electrum wallet network. And when a user logs into his legitimate Electrum wallets and tries to initiate a transaction, the malicious server shows an error message claiming that he must download a wallet app update from a malicious GitHub page.

After installing the fake update and trying to log back in again, the malicious Electrum wallet asks him for a 2-factor authentication code. This is a red flag, as Electrum only asks for two-factor codes when a user is attempting to send funds to a recipient, and not at wallet startup. Actually, this action is the last step to steal the user's funds and transfer them to the thieves' wallets.

The issue was first brought to light after a Reddit user reported his funds missing after using the Electrum wallet app – despite taking every measure to ensure they were indeed using the real thing. Soon after this post, a handful of posts surfaced to warn other users of the security breach.

A Reddit user explains how it works

Posting on Reddit, a user called “u/normal_rc” explained how the hacker gained access to Electrum wallets and stole victims’ balances. The post explains how thieves preyed upon their victims using a very simple technique: He wrote:

The hacker setup [sic] a whole bunch of malicious servers.

If someone's Electrum Wallet connected to one of those servers, and tried to send a BTC transaction, they would see an official-looking message telling them to update their Electrum Wallet, along with a scam URL.

The Electrum team confirmed the attack on Twitter, but the exact scale ‎of the problem is still not defined and stated that the phishing attack is still ongoing.‎

There is an ongoing phishing attack against Electrum users. Our official website is https://t.co/aHiZIZH54e Do not download Electrum from any other source. More on the attack here: https://t.co/x5mPVspKfO

— Electrum (@ElectrumWallet) December 27, 2018

Electrum is free software that’s used by numerous cryptocurrency sites, including merchants and exchanges, to store bitcoin. Anyone can run an Electrum server and the software supports hardware wallets such as Trezor, Ledger, and Keepkey.