Electrum, a popular wallet for Bitcoin, has yet again been struck by malware, and 2.042 Bitcoin were lost. The scam was recently highlighted by a cryptocurrency transaction tracking service after someone sent $32,876 worth of Bitcoin to the address used by the malware.
Malware is malicious software, most commonly ransomware or spyware, designed to damage the victim's system or, as in this case, to steal the victim's digital assets. Most commonly it does this by replacing any payment address the user copies and pastes with an address owned by its creator, so the payment goes to the attacker instead of the intended recipient.
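The clipboard swap described above only works if the user sends to whatever ends up in the paste buffer without comparing it to the address they meant to pay. The following Python is an added example, not code from the article or from the Electrum project, showing the check a wallet or a careful user can make before signing: validate that the pasted string is a well-formed Bitcoin address (Base58Check for legacy 1.../3... addresses, bech32/bech32m for bc1... addresses) and, more importantly, confirm it is byte-for-byte the address that was copied. The two sample addresses are real, well-known public addresses used only as stand-ins; the "swapped" and "corrupted" scenarios are constructed for the demonstration.

```python
"""Detect a clipboard address swap before a payment is sent (added example)."""
import hashlib

_B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
_BECH32 = "qpzry9x8gf2tvdw0s3jn54khce6mua7l"


def _valid_base58check(addr: str) -> bool:
    """Legacy (1... / 3...) address: Base58-decode and verify the 4-byte SHA256d checksum."""
    n = 0
    for ch in addr:
        idx = _B58.find(ch)
        if idx < 0:
            return False
        n = n * 58 + idx
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    # Every leading '1' encodes a leading 0x00 byte that the integer conversion dropped.
    raw = b"\x00" * (len(addr) - len(addr.lstrip("1"))) + body
    if len(raw) != 25:  # 1 version byte + 20-byte hash + 4-byte checksum
        return False
    digest = hashlib.sha256(hashlib.sha256(raw[:-4]).digest()).digest()
    return digest[:4] == raw[-4:]


def _bech32_polymod(values):
    """BIP 173 checksum polynomial over 5-bit symbols."""
    gen = (0x3B6A57B2, 0x26508E6D, 0x1EA119FA, 0x3D4233DD, 0x2A1462B3)
    chk = 1
    for v in values:
        top = chk >> 25
        chk = ((chk & 0x1FFFFFF) << 5) ^ v
        for i in range(5):
            if (top >> i) & 1:
                chk ^= gen[i]
    return chk


def _valid_bech32(addr: str) -> bool:
    """Native SegWit (bc1... / tb1...) address: verify the bech32 (v0) or bech32m (v1+) checksum."""
    if addr != addr.lower() and addr != addr.upper():
        return False  # mixed case is forbidden by BIP 173
    addr = addr.lower()
    pos = addr.rfind("1")
    if pos < 1 or pos + 7 > len(addr) or len(addr) > 90:
        return False
    hrp, data = addr[:pos], addr[pos + 1:]
    if any(c not in _BECH32 for c in data):
        return False
    values = [ord(c) >> 5 for c in hrp] + [0] + [ord(c) & 31 for c in hrp]
    values += [_BECH32.index(c) for c in data]
    return _bech32_polymod(values) in (1, 0x2BC830A3)


def valid_address(addr: str) -> bool:
    """Syntactic validity only: a valid checksum says nothing about who owns the address."""
    if addr.lower().startswith(("bc1", "tb1")):
        return _valid_bech32(addr)
    return _valid_base58check(addr)


def clipboard_swap_detected(intended: str, pasted: str) -> str:
    """Return 'ok' when the pasted address is exactly the one the user copied, else the reason."""
    if not valid_address(pasted):
        return "invalid: pasted text is not a well-formed Bitcoin address"
    if pasted != intended:
        # The attacker's address is itself perfectly valid, so only this comparison catches a swap.
        return "swapped: pasted address differs from the one that was copied"
    return "ok"


if __name__ == "__main__":
    intended = "1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa"  # real public address, used as the copied value
    swapped = "16UwLL9Risc3QfPqBUvKofHmBQ7wMtjvM"   # another real address, standing in for the attacker's
    corrupted = intended[:-1] + "b"                 # constructed: one character changed
    for pasted in (intended, swapped, corrupted):
        print(pasted, "->", clipboard_swap_detected(intended, pasted))
```

The point of the split is that address validation alone does not defend against this malware: the substituted address passes every checksum. What catches the swap is keeping a reference to the address you intended to pay and comparing it to what actually arrived in the send field, which a wallet can do automatically when the user copies a payment request inside the application.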
The 2.042 Bitcoin was sent to the wallet address used by this malware, an address that has been active since 2019, according to Blockchain.com. The transaction was initiated on November 13 at 11:06 UTC and cost a fee of approximately 0.001 Bitcoin, or $27.
To date, the above-mentioned address has garnered a whopping $1 million since its inception in May 2019.
Electrum’s history with attackers
Electrum wallet users have been plagued by these types of attacks for a long time. A 2019 investigation by cybersecurity firm Malwarebytes Labs found that an Electrum exploit let the attackers redirect users from legitimate nodes to bad nodes controlled directly by the attackers. Users were then prompted about a "security update" which, when downloaded, installed the malware on the user's system.
Just last month, a similar exploit that sent out an "update" notification for the wallet application on victims' phones saw more than $22 million worth of Bitcoin stolen. Electrum's open-source approach allowed the hackers to set up their own ElectrumX gateway server with the help of a malicious developer.
This allowed the hackers to run malicious servers and watch users connect to those compromised nodes. The attackers then instructed the server to push a notification with instructions for a "security update"; once installed, the malware infected the system.
Around 1980 Bitcoin was reportedly being held in the wallet controlled by the hacker. Following the attacks, Electrum enabled a server blacklisting system on ElectrumX servers to block malicious additions to their networks, and released an update that prevents servers from showing HTML-formatted popups to end users.
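The fix described above comes down to one rule: text that arrives from a remote server is untrusted data, not markup to be rendered. As an added example that is not Electrum's own code, the Python below shows the two halves of that rule for any wallet client whose dialogs can interpret rich text: flag server messages that carry HTML tags, links or control characters so they can be logged and the server distrusted, and render whatever is shown to the user as escaped plain text of bounded length. The sample message is constructed for the demonstration; the maximum length and the marker names are assumptions of this example.

```python
"""Treat messages supplied by a remote wallet server as untrusted plain text (added example)."""
import html
import re

_TAG = re.compile(r"<[^>]+>")
_URL = re.compile(r"\b(?:https?|ftp)://\S+", re.IGNORECASE)
_CONTROL = re.compile(r"[\x00-\x08\x0b\x0c\x0e-\x1f\x7f]")
MAX_LEN = 200  # assumed display limit; a server error message has no business being longer


def suspicious_markers(msg: str) -> list:
    """Reasons a server message looks like an attempt at a rendered popup (empty if none)."""
    reasons = []
    if _TAG.search(msg):
        reasons.append("html-markup")
    if _URL.search(msg):
        reasons.append("embedded-url")
    if _CONTROL.search(msg):
        reasons.append("control-chars")
    if len(msg) > MAX_LEN:
        reasons.append("oversized")
    return reasons


def render_server_message(msg: str) -> str:
    """Plain-text form safe to hand to a widget that would otherwise interpret rich text."""
    clean = _CONTROL.sub("", msg)
    if len(clean) > MAX_LEN:
        clean = clean[:MAX_LEN] + "..."
    # Escaping (not stripping) keeps the evidence visible to the user while making it inert.
    return html.escape(clean, quote=True)


if __name__ == "__main__":
    # Constructed sample of the kind of text a rogue server might return in place of an error.
    sample = '<b>Security update required</b> <a href="http://example.invalid/update">Download</a>'
    print("markers:", suspicious_markers(sample))
    print("shown  :", render_server_message(sample))
```

In a real client the marker list is what you would log and feed into the server blacklist decision, while the escaped string is the only thing that reaches the dialog; the wallet's own update channel, not a server message, decides whether an update exists.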