Phishing Attack on Electrum Wallet Nets Hacker Almost $1 Million in Hours

A reportedly ongoing hack against cryptocurrency wallet Electrum has seen a malicious party steal almost 250 Bitcoin (BTC) (about $937,000), commentators reported on social media Dec. 27.

Subsequently confirmed by Electrum itself, the attack consists of creating a fake version of the wallet that fools users into providing password information.

“The hacker setup a whole bunch of malicious servers,” Reddit user u/normal_rc explained:

“If someone’s Electrum Wallet connected to one of those servers, and tried to send a BTC transaction, they would see an official-looking message telling them to update their Electrum Wallet, along with a scam URL.”

Affected users report trying and failing to log in to their wallets after providing their two-factor authentication code — something Electrum does not in fact request during login. The hackers then empty the wallet balance.

“[W]hen I logged on it immediately asked me for my 2 factor code which I thought was a little strange as well as Electrum usually only asks for that when you attempt to send,” one victim continued in another Reddit post, adding:

“I kept trying to send and kept getting an error code ‘max fee exceeded no more than 50 sat/B [satoshis per byte]’ I then restored my wallet on a separate pc and found that my balance had been transferred out in full[.]”

According to u/normal_rc, several addresses are feeding into one main holding address, which currently contains 243 BTC.

Electrum posted about the incident on Twitter today, stating “[t]here is an ongoing phishing attack against Electrum users” and implored users to check the validity of the resource they were logging into.

Wallet hacks are less frequent than those afflicting online exchanges, several of which — most notoriously Japan’s Coincheck — have lost users hundreds of millions of dollars in 2018.