Cybercrime gangs have stolen over $22 million from users of the Electrum Bitcoin wallet through a fake app update scam, according to an investigation. The criminals later moved the stolen funds to multiple Bitcoin addresses, which now hold 1,980 bitcoin.
Most of these funds were taken in a single incident in August, after an Electrum wallet user posted on GitHub about losing 1,400 bitcoin to the fake update. A report further found that the attackers behind the 1,400 BTC theft held a Binance account and that some of the transactions involved in the theft originated in Russia.
These criminals turned out to have used the same technique repeatedly from December 2018 until their last known attack in September 2020. Throughout that period, Electrum wallet users also reported the attacks on Bitcoin abuse portals. As seen in the image below, victims received a prompt to update their Electrum app; soon after they installed the "update", the attackers emptied their wallets and transferred the funds to an address under the attackers' control.
Unlike most wallets, Electrum has an "open" ecosystem: anyone can set up and operate the servers the wallet connects to, and the attackers apparently took advantage of this by running servers of their own.
Per the report, the fake update's download link does not point to the official Electrum website but to lookalike domains or GitHub repositories. The investigators advised users to check the URL carefully whenever they receive such an update request and cautioned:
If users don’t pay attention to the URL, they eventually end up installing a malicious version of the Electrum wallet
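The check the investigators describe, written out as a small added example (this is not code from the article or from the Electrum project). It parses a candidate download link and accepts it only if it is served over HTTPS from the official electrum.org host or one of its subdomains, or from the project's GitHub repository; it rejects lookalike hosts such as electrum.org.evil.example, the user-info trick electrum.org@evil.example, and punycode or non-ASCII hosts that can hide homoglyphs. The official host electrum.org and the GitHub repository spesmilo/electrum are assumptions of the example and should be confirmed against the project's own documentation before relying on them; the sample links are constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumed official download host for this example; confirm before relying on it.
OFFICIAL_HOSTS = {"electrum.org"}
# Assumed official GitHub repository (owner/name) for this example.
OFFICIAL_GITHUB_REPO = "spesmilo/electrum"


def is_official_electrum_url(url: str) -> bool:
    """Return True only if the link points at an assumed-official Electrum source.

    This only checks where the link points; it cannot tell whether the file
    served there is genuine.
    """
    parts = urlsplit(url)

    # A download link for a wallet binary must at least use HTTPS.
    if parts.scheme.lower() != "https":
        return False

    # .hostname drops user-info, the port and IPv6 brackets and lower-cases,
    # so "electrum.org@evil.example" yields "evil.example".
    host = parts.hostname
    if not host:
        return False

    # Reject non-ASCII hosts (Cyrillic/Greek homoglyphs) and punycode labels
    # (their xn-- encoded form); the official host needs neither.
    try:
        host.encode("ascii")
    except UnicodeEncodeError:
        return False
    if any(label.startswith("xn--") for label in host.split(".")):
        return False

    # Accept the exact host or a real subdomain ("download.electrum.org").
    # "electrum.org.evil.example" and "notelectrum.org" fail both tests.
    for official in OFFICIAL_HOSTS:
        if host == official or host.endswith("." + official):
            return True

    # Accept GitHub only under the assumed official owner/repository.
    if host == "github.com":
        segments = parts.path.strip("/").split("/")
        if len(segments) >= 2:
            repo = "/".join(segments[:2]).lower()
            if repo == OFFICIAL_GITHUB_REPO:
                return True

    return False


def classify_links(urls):
    """Map each link to True (accepted) or False (rejected)."""
    return {u: is_official_electrum_url(u) for u in urls}


# Constructed sample links mimicking what a fake update prompt might carry.
SAMPLE_LINKS = [
    "https://electrum.org/#download",
    "https://download.electrum.org/4.0.0/",
    "https://ELECTRUM.ORG/",
    "http://electrum.org/",                        # plaintext HTTP
    "https://electrum.org.evil.example/update",    # lookalike suffix
    "https://electrum.org@evil.example/",          # user-info trick
    "https://e1ectrum.org/",                       # typo-squat
    "https://xn--lectrum-9za.org/",                # punycode host
    "https://github.com/spesmilo/electrum/releases",
    "https://github.com/someone/electrum/releases",  # wrong owner
]

if __name__ == "__main__":
    for link, ok in classify_links(SAMPLE_LINKS).items():
        print("ACCEPT" if ok else "REJECT", link)
```

The allow-list is deliberately exact: suffix matching is done only after a leading dot, so a host that merely contains or ends in the string "electrum.org" is not enough, and GitHub links are tied to an owner/repository pair rather than to the GitHub host alone.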
Since this technique was first seen in late 2018, the Electrum team has tried to mitigate these attacks.