Two users of the Electrum software wallet have recently reported significant losses of Bitcoin (BTC). One of these victims reported that 36.5 BTC was stolen, worth approximately $380,512. Another victim described the loss of a staggering 1,400 BTC, totaling $14,596,000. These two events appear to be connected to a long-lived phishing scam that Electrum has been suffering from since 2018.
Phishing Scams Bleeding Into Crypto
Jason Lau, Chief Operating Officer of the OKCoin crypto exchange, commented on the matter at large, particularly the 1,400 BTC hack. He warned that users need to exercise caution when it comes to dealing with their own keys. This is especially so when the keys are for wallets containing considerable amounts of cryptocurrency. Simply put, the more money a wallet holds, the more likely it is to attract hackers.
Lau went further, highlighting that this incident seems to be the result of a phishing attack in particular. The victim installed an update delivered by this phishing attack, which allowed the hacker to gain access to both the private keys and the funds. Lau further highlighted that phishing scams are extremely typical across all facets of the finance space and continue to evolve in sophistication.
The Original Act
It was on the 27th of December, 2018, that the initial news started to come out regarding phishing scams impacting Electrum wallets in particular. A reported $1 million in crypto was stolen, and the Reddit user publicizing the hack stated that the hacker had set up an entire array of malicious servers.
The hacker essentially diverted victims to a malicious web page through these servers. This, in turn, prompted the victims to enter private data, which handed control of their assets to the malicious actor behind the scheme. The scam itself revolves around a fake wallet update that, when downloaded by the victim’s device, installs the malware in question.
The wallet associated with this hack had, back in December of 2018, held 243 BTC. Since then, that same address has seen a staggering 637.44 BTC pass through it and exit, leaving the wallet empty.
Difficulties for Electrum wallets have only continued. These include a denial-of-service attack that was eerily similar to the phishing scam that occurred in 2018. Phony software updates, in particular, seem to be an ongoing problem for the software wallet at large.