Phishing attack on Electrum cost users about 250 BTC

On December 27, several people on their social networks reported that the wallet was under attack by a hacker, and he had already managed to steal about 250 bitcoins (approximately $937,000). The attack was subsequently confirmed by Electrum. According to its representatives, the hacker created a fake version of the wallet to obtain passwords from real user wallets.

“The hacker installed a large number of malicious servers,” writes Reddit user u/normal_rc. “If your wallet is connected to one of these servers and you try to send BTC to someone, you will see a pop-up window identical to the real one, which will prompt you to update your Electrum wallet using a malicious link.”

Another Reddit post reads:

“When logging into the wallet, the system asked for a two-factor code. I decided that this was quite strange, as usual the system requests such confirmation only when sending cryptocurrency. When entering the confirmation code, an error appeared that did not allow me to log into the wallet. Then I restored my wallet on another computer, and found that all my funds had already been completely withdrawn.”

According to unofficial calculations by u/normal_rc, the hacker’s main wallet currently contains 243 BTC.

Yesterday Electrum tweeted. about this incident the following:

“We inform you that a phishing attack on Electrum users continues. Our official website is electrum.org. Do not download the Electrum wallet from other resources.”.

According to cointelegraph.com