Cyber Thieves Steal $24 Million with a Fake Bitcoin Wallet Update

  • By Dawna M. Roberts
  • Published: Oct 13, 2020
  • Last Updated: Mar 18, 2022

A technique first used in 2018 has allowed cybercriminal gangs to bilk $22 million from Bitcoin users. ZDNet reported on Monday that by pushing a fake update to users of the Electrum Bitcoin app, thieves installed malware stealing money from hundreds of accounts.

How Does it Work?

Victims from all over have reported the same thing. They opened the Electrum wallet app and received a pop-up message to update to a newer version. When they clicked the update button, all of their Bitcoin funds were diverted to the scammer's account, and theirs were left empty.

This technique works so well because of how the Electrum wallet app functions and its back-end infrastructure. When processing transactions, the app routes communications through a network of Electrum servers called ElectrumX. Unlike other wallet apps that control the management of Bitcoin servers, Electrum allows anyone to set up an ElectrumX gateway server. This open-source ecosystem doesn't discriminate against criminals.

This dangerous loophole allows criminal gangs to set up a server and wait for Bitcoin users to initiate a transaction and connect to their system in the lineup. Once there, the user receives a pop-up that their software version needs updating. The update is simply malware that diverts their funds and drains their Bitcoin accounts. 

Users have noted that the pop-up usually contains some random error message that their transaction did not go through, thus the need for the upgrade. The download link does not come from the official Electrum website but instead diverts to a fake domain or GitHub repository.

Because users think they are updating through the official Electrum website, when it asks for a one-time passcode, most users provide it, effectively giving the app permission to transfer all their funds to the hacker's account. Users have dubbed this technique the "fake Electrum update scam."

The Staggering Figures

To date, since 2018, when this scam first reared its ugly head, cybercriminals have stolen roughly $24.6 million. A large portion of this total was nabbed in a single incident this September when a user who owned 1,400 Bitcoin ($15.8 million) was scammed using this technique. The victim commented that "I foolishly installed the old version of the Electrum wallet. My coins propagated. I attempted to transfer about 1 BTC however was unable to proceed. A pop-up displayed stating I was required to update my security prior to being able to transfer funds. I installed the update, which immediately triggered the transfer of my entire balance to a scammer's address."

Back in 2018, this scam surfaced when almost $1 was reported stolen by users. A network of malicious servers was used to steal the cash and was reported on Reddit by an Electrum wallet user.

Shortly after that first cyber attack, Electrum suffered a denial-of-service attack also. Any time cyber criminals access electronic devices, it opens the user up to possible identity theft, fraud, and other scams.

What is Electrum Doing About It?

Although Electrum added a server blacklisting system to ensure that no malicious ElectrumX servers connected to the network, one or two slips through the cracks every now and then. Electrum also updated the app to prevent servers from displaying HTML pop-ups to users to push a fake update. But as of September, this obviously did not stop thieves from stealing $15+ million from one user.

Users who have older versions of Electrum are more at risk because these new safeguards are not in place. 

The Dangers of Using Crypto

Electrum uses the peer-to-peer network architecture to keep the system decentralized; however, it also works in favor of hackers trying to intercept large transactions and trick users into downloading malicious files.

Industry experts warn against software apps and recommend using only hardware Bitcoin wallets like Ledger or Trezor. Electrum suggests that users keep a close eye on URLs and links when being asked to update the software. If it doesn't look legit, close it, and do not update the app.

About the Author
IDStrong Logo

Related Articles

46,000 Veterans and 13 Community Care Providers Affected by a VA Data Breach

The Incident Early last week, the Department of Veteran Affairs (VA) was breached by an unknown c ... Read More

Instagram Vulnerability Allowed Hackers Access to Control Your Phone

Security experts Check Point Research discovered a critical vulnerability while examining Instagra ... Read More

Alien Malware Infects More than 226 Mobile Apps and Steals Bank Data

As reported on September 24, 2020, by ZDNet and ThreatPost, a new strain of malware named “A ... Read More

Universal Health Systems Hit by Ransomware Attack

Universal Health Systems (UHS), a Fortune 500 company owning more than 400 hospitals across the co ... Read More

Exchange Server Bug Exposes a Big Risk to Hackers

Months after Microsoft released a patch to fix a serious flaw in MS Exchange Server, more than 61% ... Read More

Latest Articles

What You Need to Know about the PowerSchool Data Breach

What You Need to Know about the PowerSchool Data Breach

PowerSchool was founded in 1997 and is known for its expertise in providing cutting-edge education technology within the education community.

What You Need to Know about the Scholastic Data Breach

What You Need to Know about the Scholastic Data Breach

Established in 1920, Scholastic is an American-based multinational and the largest publisher and distributor of children's books globally.

Massive Credit Card Leak Discovered by LEAKD.COM

Massive Credit Card Leak Discovered by LEAKD.COM

Recently, the security team at LEAKD. COM discovered that about 5 million United States credit cards and users' personal details had been leaked online.

Featured Articles

How to Buy a House with Bad Credit

How to Buy a House with Bad Credit

Buying your own home is the American Dream, but it might seem out of reach to those with bad credit. However, the good news is, if your credit is less than perfect, you do still have options and in most cases, can still buy a home.

How Secure Is Your Password? Tips to Improve Your Password Security

How Secure Is Your Password? Tips to Improve Your Password Security

Any good IT article on computers and network security will address the importance of strong, secure passwords. However, the challenge of good passwords is that most people have a hard time remembering them, so they use simple or obvious ones that pose a security risk.

Top 10 Senior Scams and How to Prevent Them

Top 10 Senior Scams and How to Prevent Them

Senior scams are becoming a major epidemic for two reasons. First, seniors often have a lot of money in the bank from a life of working hard and saving.

Notice

By proceeding with this scan, you agree to let IDStrong run a Free Scan of supplied parameters of your personal information and provide free preliminary findings in compliance with our Terms of Use and Privacy Notice. You consent to us using your provided information to complete the Free Scan and compare it against our records and breach databases or sources to provide your Free preliminary findings report.

Rest assured: IDStrong will not share your information with third parties or store your information beyond what is required to perform your scan and share your results.

Free Identity Threat Scan
Instantly Check if Your Personal Information is Exposed
All fields below are required
Please enter first name
Please enter last name
Please enter a city
Please select a state
Please enter an age
Please enter an email address
Close