The popular Bitcoin wallet “Electrum” recently reported an attack on its servers calling on users to take additional security measures to ensure their funds are not compromised.
In a tweet published by its official account, the Electrum team reported that its servers were the target of a denial-of-service attack. The group said that, in addition to trying to mitigate the problem, developers were working on a server update.
The information quickly spread across the web. After several inquiries it was learned that a botnet of approximately 150k to 300k bots was targeting the wallet as part of an elaborate phishing scheme.
Apparently, the bots were running their own Electrum servers. When a user synchronized their wallet with one of these malicious servers, they received a message instructing them to upgrade to a more recent version of the wallet, which was actually programmed to send the users’ private data directly to the hackers.
“The botnet has a range of 150-300k unique IPs hammering all servers on the application level. The attacker is resourceful and is running custom code on the zombies, which is fairly uncommon. It leads me to believe the botnet is not rented but under direct control of the attacking entity.
I think the motivation of the attack on legitimate servers is so people running older versions of electrum keep using their old version. This way they stay on a scammer server and are asked to upgrade from a malware site upon sending a transaction. Please make sure to only use the official site stickied at the top by BashCo.”
A cybersecurity expert commented that losses could be calculated on the order of several million dollars, emphasizing that it was impossible to recover such funds once the user had performed the “upgrade”:
“The total amount stolen is in the millions of dollars so far, with a single person alone losing almost $140,000, based on our analysis … The DoS attacks are a new level, which only began about a week ago. People have seen 25 Gigabits per second worth of traffic being flooded at community run servers.”
This type of phishing attack is common in the crypto world. Before Electrum, JAXX suffered a similar attack after a group of hackers “cloned” the wallet, getting several users to transfer their funds into a modified version of the app to which the attackers had free access.
Electrum has not yet announced any fix or update regarding the attack.