Cyber Thieves Steal $24 Million with a Fake Bitcoin Wallet Update

  • By Dawna M. Roberts
  • Oct 13, 2020

A technique first used in 2018 has allowed cybercriminal gangs to bilk $22 million from Bitcoin users. ZDNet reported on Monday that by pushing a fake update to users of the Electrum Bitcoin app, thieves installed malware stealing money from hundreds of accounts.

How Does it Work?

Victims from all over have reported the same thing. They opened the Electrum wallet app and received a pop-up message to update to a newer version. When they clicked the update button, all of their Bitcoin funds were diverted to the scammer's account, and theirs were left empty.

This technique works so well because of how the Electrum wallet app functions and its back-end infrastructure. When processing transactions, the app routes communications through a network of Electrum servers called ElectrumX. Unlike other wallet apps that control the management of Bitcoin servers, Electrum allows anyone to set up an ElectrumX gateway server. This open-source ecosystem doesn't discriminate against criminals.

This dangerous loophole allows criminal gangs to set up a server and wait for Bitcoin users to initiate a transaction and connect to their system in the lineup. Once there, the user receives a pop-up that their software version needs updating. The update is simply malware that diverts their funds and drains their Bitcoin accounts. 

Users have noted that the pop-up usually contains some random error message that their transaction did not go through, thus the need for the upgrade. The download link does not come from the official Electrum website but instead diverts to a fake domain or GitHub repository.

Because users think they are updating through the official Electrum website, when it asks for a one-time passcode, most users provide it, effectively giving the app permission to transfer all their funds to the hacker's account. Users have dubbed this technique the "fake Electrum update scam."

The Staggering Figures

To date, since 2018, when this scam first reared its ugly head, cybercriminals have stolen roughly $24.6 million. A large portion of this total was nabbed in a single incident this September when a user who owned 1,400 Bitcoin ($15.8 million) was scammed using this technique. The victim commented that "I foolishly installed the old version of the Electrum wallet. My coins propagated. I attempted to transfer about 1 BTC however was unable to proceed. A pop-up displayed stating I was required to update my security prior to being able to transfer funds. I installed the update, which immediately triggered the transfer of my entire balance to a scammer's address."

Back in 2018, this scam surfaced when almost $1 was reported stolen by users. A network of malicious servers was used to steal the cash and was reported on Reddit by an Electrum wallet user.

Shortly after that first cyber attack, Electrum suffered a denial-of-service attack also. Any time cyber criminals access electronic devices, it opens the user up to possible identity theft, fraud, and other scams.

What is Electrum Doing About It?

Although Electrum added a server blacklisting system to ensure that no malicious ElectrumX servers connected to the network, one or two slips through the cracks every now and then. Electrum also updated the app to prevent servers from displaying HTML pop-ups to users to push a fake update. But as of September, this obviously did not stop thieves from stealing $15+ million from one user.

Users who have older versions of Electrum are more at risk because these new safeguards are not in place. 

The Dangers of Using Crypto

Electrum uses the peer-to-peer network architecture to keep the system decentralized; however, it also works in favor of hackers trying to intercept large transactions and trick users into downloading malicious files.

Industry experts warn against software apps and recommend using only hardware Bitcoin wallets like Ledger or Trezor. Electrum suggests that users keep a close eye on URLs and links when being asked to update the software. If it doesn't look legit, close it, and do not update the app.

About the Author
IDStrong Logo

Related Articles

Instagram Vulnerability Allowed Hackers Access to Control Your Phone

Security experts Check Point Research discovered a critical vulnerability while examining Instagra ... Read More

Alien Malware Infects More than 226 Mobile Apps and Steals Bank Data

As reported on September 24, 2020, by ZDNet and ThreatPost, a new strain of malware named “A ... Read More

Universal Health Systems Hit by Ransomware Attack

Universal Health Systems (UHS), a Fortune 500 company owning more than 400 hospitals across the co ... Read More

Exchange Server Bug Exposes a Big Risk to Hackers

Months after Microsoft released a patch to fix a serious flaw in MS Exchange Server, more than 61% ... Read More

Clients’ Bank Data Exposed in Blackbaud Ransomware Attack

Blackbaud software was victim to a ransomware attack last May, and new information suggests that c ... Read More

Latest Articles

Cementitious Vendor—CGM—Network Compromised by 315k Data Breach

Cementitious Vendor—CGM—Network Compromised by 315k Data Breach

Based in Philadelphia, Pennsylvania, CGM is a nationwide cementitious vendor for industries and construction projects. They are a leader in manufacturing, labeling, and distributing custom cement and patching products.

Chattanooga Heart Institute Updates on 2023 Network Cyber Attack

Chattanooga Heart Institute Updates on 2023 Network Cyber Attack

Patients with cardiovascular issues may appear in one of the Chattanooga Heart Institute (CHI) facilities in Tennessee and Georgia.

Oklahoma’s Largest Non-Profit Health System Breached; 2.3 Million Exposures

Oklahoma’s Largest Non-Profit Health System Breached; 2.3 Million Exposures

INTEGRIS Health is the largest non-profit healthcare network in Oklahoma and surrounding regions. The network includes medical and surgical centers, hospitals, emergency rooms, hospice options, addiction recovery programs, and a holistic approach to health and wellness.

Featured Articles

How to Buy a House with Bad Credit

How to Buy a House with Bad Credit

Buying your own home is the American Dream, but it might seem out of reach to those with bad credit. However, the good news is, if your credit is less than perfect, you do still have options and in most cases, can still buy a home.

How Secure Is Your Password? Tips to Improve Your Password Security

How Secure Is Your Password? Tips to Improve Your Password Security

Any good IT article on computers and network security will address the importance of strong, secure passwords. However, the challenge of good passwords is that most people have a hard time remembering them, so they use simple or obvious ones that pose a security risk.

Top 10 Senior Scams and How to Prevent Them

Top 10 Senior Scams and How to Prevent Them

Senior scams are becoming a major epidemic for two reasons. First, seniors often have a lot of money in the bank from a life of working hard and saving.

Free Identity Exposure Scan
Instantly and Securely Check if Your Personal Information is Exposed on the Dark Web or Sold by Data Brokers
Please enter first name
Please enter last name
Please select a state
Free Identity Threat Scan
Instantly Check if Your Personal Information is Exposed
All fields below are required
Please enter first name
Please enter last name
Please enter a city
Please select a state
Please enter an age
Please enter an email address