Phishing Attacks On Electrum Wallet See Over $16 Million Stolen From Unsuspecting Users
New reports show that over $500,000 worth of Bitcoin (BTC) has been siphoned from Electrum wallets – about 72 hours after a GitHub user claimed they had lost 1,400 BTC in a similar hack. Some of the funds have been traced to Binance, with the exchange blacklisting up to 70 accounts linked to the transaction IDs.
Back in February 2019, an Electrum wallet user named “KallEYE” wrote on GitHub that 0.09 BTC was missing from their wallet following a software upgrade. Over the last year, several users also complained of a similar phishing attack, with one user stating they had lost about 0.00796663 BTC to this address.
On Aug. 30, another GitHub user claimed the same address had stolen over 1,400 BTC (currently worth ~$17 million), raising eyebrows over the bug being exploited in Electrum wallets. Explaining how the hack unfolded, the user said he had not accessed the BTC since 2017 and mistakenly downloaded the old version of the Electrum wallet.
Once downloaded, the app prompted the user to update their software before withdrawing any amounts from the wallet. Once installed, the update “immediately triggered the transfer of my entire balance to a scammers address,” the user wrote on GitHub.
Another user, Cryptbtcaly, claims over 36 BTC, worth ~$500k, was stolen from their wallet two months ago, showing how rampant the hacks on old Electrum wallets are. Investigations into the movement of the coins showed that some moved to Binance wallets, but despite constant calls to the exchange team, much has yet to be done.
The hacker's address shows it has received over 1,506 BTC and sent out 1,500 BTC since its first transaction in 2018.
Binance connection and response
According to data from Crystal Blockchain, a crypto transaction tracking analysis firm, a transaction worth around 5 BTC (~$60k) can be traced back to the hacker’s wallet on Binance. The exchange responded to the 1,400 BTC hack and the specific transaction ID traced to Binance in Jan 2018.
A spokesperson from the exchange revealed that the transaction ID (TxID) is connected to 72 addresses on Binance but not a specific wallet on the exchange. The founder and CEO of Binance, Changpeng Zhao, alias CZ, said the addresses have since been blacklisted.
We blacklisted the addresses involved, but …
— CZ Binance (@cz_binance) August 30, 2020
Notwithstanding, Electrum has opened up a phishing case with the German police and the U.K. authorities. A representative from Electrum stated,
“We (electrum developers) have reported the phishing attack to the police about a year ago. I cannot make any comments about the progress of the investigation, but it helps if victims report it independently. If you live in Germany, you should contact the cybercrime unit of the LKA Berlin.”