Electrum Wallet Spear Phishing Campaign Nabs Bitcoin Bonanza
Nearly 250 bitcoin have been stolen after some users of the Electrum Wallet software fell victim to a spear phishing campaign in which malicious servers sent out fake software update advisories. The attacker's malware was then used to drain bitcoin from the wallets of those who took the bait.
Command and Control Attacks Target Electrum, Electron Cash Users
Per a GitHub disclosure by Electrum developer SomberNight, an attacker spun up malicious Electrum servers and used them to push fake software update warnings to wallets connected to those sybil servers circa Dec. 21st and Dec. 27th.
It’s currently not clear how many individual users have been affected by the campaign, though traced transactions have pegged the attacker as having nabbed at least 243.58 bitcoin — then worth around $1 million USD — at press time.
Electrum's team released two fixes to mitigate the vector in their 3.3.2 software release, but as of Dec. 27th the patches had been described as less than a "proper fix" and the attack as "ongoing."
“This is not a true fix, but the more proper fix of using error codes would entail upgrading the whole federated server ecosystem out there,” developer SomberNight noted in their disclosure.
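The distinction SomberNight draws is between showing the user text the server wrote and showing text the client wrote. The following added example (not Electrum's code, and not from the disclosure) puts the two patterns side by side for a JSON-RPC-style error reply, which is the message shape Electrum's server protocol uses; the sample reply, the error-code table and the phishing heuristic are constructed for illustration.

```python
import json

# Constructed sample of a JSON-RPC error reply as a malicious server could
# send it. The "message" field is entirely server-controlled, which is where
# a fake "update now" notice carrying a link can be planted.
RAW_SERVER_REPLY = json.dumps({
    "jsonrpc": "2.0",
    "id": 7,
    "error": {
        "code": -32000,
        "message": "Your wallet is outdated, download the update at https://example.invalid/update",
    },
})

# Fixed, client-side wording keyed by numeric error code (assumed table for
# illustration). Nothing the server sends reaches the user verbatim.
ERROR_TEXT = {
    -32600: "The server rejected the request as malformed.",
    -32601: "The server does not support this request.",
    -32000: "The server reported a transaction error.",
}
UNKNOWN_ERROR_TEXT = "The server returned an unrecognised error."

def naive_error_display(raw_reply: str) -> str:
    """Vulnerable pattern: the server's free-form text is shown to the user."""
    reply = json.loads(raw_reply)
    return reply["error"]["message"]

def hardened_error_display(raw_reply: str) -> str:
    """Hardened pattern: the only server input honoured is the integer error
    code, and it is mapped to locally defined text."""
    reply = json.loads(raw_reply)
    error = reply.get("error")
    if not isinstance(error, dict):
        return UNKNOWN_ERROR_TEXT
    code = error.get("code")
    # bool is a subclass of int in Python, so reject it explicitly.
    if not isinstance(code, int) or isinstance(code, bool):
        return UNKNOWN_ERROR_TEXT
    return ERROR_TEXT.get(code, UNKNOWN_ERROR_TEXT)

def flag_suspicious_message(raw_reply: str) -> bool:
    """Detection aid (assumed heuristic): a legitimate error never needs a
    link or an update instruction, so log and flag servers that send one."""
    error = json.loads(raw_reply).get("error")
    message = str(error.get("message", "")) if isinstance(error, dict) else ""
    lowered = message.lower()
    return any(marker in lowered for marker in ("http://", "https://", "update", "download"))

if __name__ == "__main__":
    print("naive   :", naive_error_display(RAW_SERVER_REPLY))
    print("hardened:", hardened_error_display(RAW_SERVER_REPLY))
    print("flagged :", flag_suspicious_message(RAW_SERVER_REPLY))
```

The hardened path is what "using error codes" buys: a sybil server can still return an error, but it can no longer choose the words the wallet puts in front of the user.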
The campaign has apparently been multi-faceted. Some users of Electron Cash, a wallet software fork for bitcoin cash derived from Electrum, have also been hit with fake transaction error messages via the attacker’s infrastructure.
Those messages similarly told users to update their wallet software via an authoritative-looking link that dispensed malware crafted for the scam.
As with the Electrum Wallet victims, it's currently unclear how many Electron Cash users have been affected by the spear phishing attack.
Security Concerns Abound in Early Cryptoeconomy
Between keyloggers, screen scrapers, SIM swaps, and beyond, there is no shortage of attack vectors hackers can use to part users from their cryptocurrency.
And the attacks, like this month’s targeting of Electrum, can be complex, sprawling, and well-disguised.
In recent years, most advanced persistent threats (APTs) in cyberspace generally have involved "cocktails" of malware and command and control attacks that can prove devastatingly effective for plundering. That dynamic will remain until better awareness and cybersecurity mechanisms are in place across the space.
And servers aren’t safe either.
Of course, wherever there are vulnerabilities, blackhats will be probing. And cryptocurrency defenders of all stripes must raise their game while such vulnerabilities abound.
What's your take? Are these kinds of attack vectors an existential threat to the fledgling cryptoeconomy? Let us know in the comments section below.
Images via u/jimfriendo, SomberNight, Pixabay