Hackers use botnet to attack Electrum Bitcoin wallet; over $4M USD stolen

Cybersecurity specialists have reported an active attack campaign against users of Electrum, a popular Bitcoin wallet. According to reports, the hackers are carrying out the attack with a gigantic botnet of more than 150k infected devices, and the losses already amount to more than $4.5M USD.

According to the cybersecurity experts, hackers began launching cyberattacks against Electrum's infrastructure last December, exploiting a vulnerability to deceive users into downloading malicious versions of the software.

Some malicious servers were added to the Electrum peer network; these unauthorized servers were built to intentionally display an error message in legitimate Bitcoin wallet applications. The malicious software update was downloaded from an unofficial repository on GitHub.

This phishing campaign helped the hackers steal around 250 Bitcoin, equivalent to about $970k USD depending on the current exchange rate, and also allowed them to take control of the compromised systems.

As a protective measure, the Electrum developers began using the same technique as the attackers to get users to download the corrected version of the software. “Users of versions prior to 3.3 will no longer be able to connect to Electrum’s public servers,” the cybersecurity specialists mentioned.

However, the criminals responded to this measure by deploying DDoS attacks against the legitimate Electrum servers, trying to get users of earlier versions to connect to malicious nodes while the legitimate ones were still down.

According to specialists from the International Institute of Cyber Security (IICS), the number of infected users (who are unwittingly part of the botnet) already exceeds 150k, showing exponential growth during the last two weeks. The botnet keeps growing, with infections concentrated mainly in countries of the Asia-Pacific region, Brazil and Peru.

The developers recommend that users update their Electrum Bitcoin wallets, as the most recent version of the wallet (3.3.4) is not vulnerable to these phishing attacks. You can download this version from the official Electrum website.