The amount of damage from a vulnerability in older versions of the Electrum bitcoin wallet has exceeded $ 22 million, according to a ZDNet investigation. Attackers have been exploiting the vulnerability since at least December Of 2018. It has been used in numerous fraudulent campaigns over the past two years..
Electrum Bitcoin Wallet Vulnerability Exceeds $ 22 Million in Two Years
ZDNet analysts have discovered several bitcoin wallets used to store assets stolen from users. The last receipts to these wallets are dated September 2020 year. Also in August, one of the users reported that he lost 1,400 BTC or about $ 16 million by downloading a vulnerable version of the wallet.
The exploit is possible due to the internal design of Electrum. For transaction processing it connects to the bitcoin blockchain through its own network of servers called ElectrumX. Anyone can install such a server..
Since 2018, cybercriminals have been using Electrum software to launch malicious servers, waiting for unsuspecting users to accidentally connect to them. After that, they display a message on the screen of the cryptocurrency holder stating that he needs to follow the specified link to update the wallet. It usually leads to a domain similar to the official one, or to one of the repositories on GitHub.
After downloading the wallet from this link, the user installs a modified version of Electrum on his computer. On first launch, the wallet asks for a one-time password. It’s enough for, to steal all bitcoins from the victim’s wallet.
Since the discovery of the issue, the Electrum developers have taken several measures to protect users. They initially implemented a mechanism to blacklist ElectrumX servers. They also prevented servers from showing arbitrary pop-up messages. However, they have no way to protect users downloading older software versions..
Best conditions for buying and selling bitcoins (btc) on P2PB2B minimum commissions.