Electrum is one of the most popular crypto wallets on the market, as it has been around since 2011 – making it a crypto veteran. However, 2019 has been a rough year for the popular wallet, suffering two attacks in the space of six months. The latest attack was a well-planned incident where more than a 140,000-strong botnet launched countless Electrum servers, which contained an altered version of the Electrum Wallet.
When a user connected to these infected servers, they were prompted to update their Electrum client. As soon as the client was updated, the botnet captured their user details and empties funds from their accounts. So far, millions of dollars’ worth of crypto has been noted missing, but the final count is far from over.
Phishing Hits Electrum
Back in December 2018, Electrum was hit by a phishing attack whereby hackers falsified a wallet update in a bid to steal user details. During this attack, more than 240 Bitcoins were stolen – worth $850,000 at the time. That same pile of Bitcoin is now worth a staggering $1.3 million thanks to the recent Bitcoin rally, making it a huge attack on the Electrum community. These style attacks are possible on open source projects and are the one flaw with the system.
False Positives Getting Flagged
After the phishing attack back in December 2018, many users were extra wary when Electrum 3.3.3 threw up a warning message over the fact it could be a trojan virus. The Electrum community took to Reddit to discuss the issue and to work out whether it was a false positive or yet another phishing attack. Fortunately, it was a false positive and the latest update hadn’t been compromised by a malicious 3rd party – phew.
Attacks on Wallets Becoming Common
Open source wallets are all the rage due to the fact they are allegedly safer. Yet, these three instances are exactly why open source wallets are so dangerous. Scammers and attackers can easily pose as Electrum and trick the community into installing their update. With the Cointicker app getting hacked to steal crypto private keys, relying solely on an open source wallet could soon become a thing of the past. Centralized wallets might have too much control and power over your finances, but at least most have insurance and store their cryptos with BitGO.
If you think you have lost funds due to the Electrum Dos attack, it’s advised that you reach out on the official bitcointalk page. In the meantime, Electrum is advising that users disable auto-connect and manually select their server. After two attacks in six months, it might be wise to search for an alternative wallet!