Scam is nothing new and strikes again who was using outdated versions of the application made available by the portfolio.
Scammers are using fake Electrum portfolio updates to deceive investors. There are reports that the stolen amount is already worth $ 22 million in Bitcoin.
According to a report from ZDNet, cyber gangs are using a simple technique to send fake update alerts to Electrum wallet holders. Users are then instructed to download malicious programs that steal their cryptocurrencies.
Bitcoin wallet update trick has netted criminals more than $ 22 million https://t.co/919ho371vu
– ZDNet (@ZDNet) October 12, 2020
Still according to the story, this technique first appeared in December 2018, with a new wave of attacks being recorded last month.
Attackers used Electrum’s fake servers to send updates directly via pop-ups on older versions of the wallet. Customers receive an error message saying they need to update their program, which results in the malicious program entering the device.
The report continues:
Users of the Electrum wallet application received an unexpected pop-up message requesting an update, upgraded their wallets and the funds were immediately stolen and sent to the hacker (s) Bitcoin wallets.
These portfolios currently contain 1980 Bitcoins, which gives about $ 22 million at today’s quote. Taking into account the other 202 Bitcoins stolen according to the original report in December 2018, we have a total of over 24.6 million dollars stolen through a simple technique.
This is definitely not the ‘debut’ of this scam
However, it should be noted that a good portion of these funds appear to have been stolen on a single occasion, still in August, when a user claimed to have lost 1,400 Bitcoins (~ $ 15.8 million) after updating an Electrum wallet.
Since this technique was first seen, the Electrum team has taken several steps to mitigate this type of attack.
First, they implemented a blacklisting system on Electrum X’s servers to block malicious additions to their networks. Then, they also added an update where the servers no longer show pop-ups formatted in HTML to end users.
After all, a malicious server usually escapes now and then and the attack still works very well for Bitcoin users who are still using older versions of the Electrum wallet to manage their funds.