Advertisements
News

The Electrum developers are warning users about phishing attack

The Electrum wallet developers reported via Twitter about an ongoing phishing attack against Electrum users.

The team provided the link to the official wallet website and asked users not to download Electrum from any other source.

According to GitHub, there is an ongoing attack against users where servers raise exceptions when a client broadcasts a transaction; in this case the error text is displayed as is in the client GUI. The attacker has spawned lots of servers on different /16 IPv4s to increase his chances of being connected to. The error messages are trying to get the user to download and install malware (disguised as updated versions of electrum).

To make the attack more effective, the attacker is creating lots of servers (sybils), hence increasing the chance a client would connect to him.

The Electrum team released a a software update, version 3.3.2. This is not a true fix, but now the error text looks in another way:

One of the Reddit users, Crypto God, posted a link to a hacker’s wallet which received more than 243 BTC in three transactions.

Advertisements