Bitcoin
$63,583.12+0.94%
Ethereum
$3,288.93+4.85%
Binance Coin
$602.82+2.27%
Solana
$141.75+3.25%
XRP
$0.51903835+0.63%
Dogecoin
$0.14950193+2.97%
Toncoin
$5.44+4.14%
Cardano
$0.46935812+2.64%
Shiba Inu
$0.00002466+1.08%
Avalanche
$34.56+1.04%
Tron
$0.12149168+0.87%
Wrapped Bitcoin
$63,793.44+0.97%
PlayIconNav
Crypto Prices CoinDesk 20 Index CoinDesk 20 Index
Countdown to Consensus 2024The largest and longest running event that covers all sides of Crypto and Web 3
30
DAYS
22
HR
55
MIN
31
SEC
Policy

Someone Just Lost $16M in Bitcoin by Using a Malicious Install of the Electrum Wallet

An Electrum wallet user claims to have lost a fortune in bitcoin after installing an older version of the software from a malicious source.

By Sebastian Sinclair
AccessTimeIconAug 31, 2020 at 10:41 a.m. UTC
Updated Sep 14, 2021 at 9:49 a.m. UTC
(cnythzl/Getty Images)
(cnythzl/Getty Images)
10 Years of Decentralizing the Future
May 29-31, 2024 - Austin, TexasThe biggest and most established global hub for everything crypto, blockchain and Web3.Register Now

An Electrum wallet user claims to have lost a fortune in bitcoin after installing an older version of the software from a malicious source.

  • In a Sunday post on GitHub, the individual described the loss of more than 1,400 bitcoin (worth around $16.2 million at press time) as a result of "foolishly" installing an old version of the lightweight wallet.
  • Going by the username "1400BitcoinStolen," they described how a pop-up message asked to update their security prior to being allowed to transfer any funds.
  • Upon installing a purported "security update" for the wallet, it immediately triggered a transfer of the user's entire balance to an address in the possession of a hacker.
  • Binance's CEO Changpeng "CZ" Zhao has moved to blacklist the stolen funds from his exchange, stating users should "beware of this Electrum official update."
  • 1400BitcoinStolen said they had contacted blockchain analytics company Coinfirm for assistance in tracking the bitcoin and were awaiting a response.
  • Electrum has been around since 2011 and has gone through multiple updates while also being unable to stop bad actors exploiting previous versions by Sybil attacks using malicious servers.
  • Another member on the GutHub thread, "gits7r" – who seems to be associated with Electrum – said the problem comes from the decision by the team early on to allow users to "run their own servers or use servers that they trust."
  • If users download a version from a different source than electrum.org and don't check signatures, they may "install a backdoored Electrum," gits7r said.
  • In 2018, the Electrum network suffered such an attack from a bad actor who created multiple fake servers on the Electrum network that saw 245 bitcoin siphoned from unsuspecting victims.

See also: Crypto Wallet Maker Ledger Loses 1M Email Addresses in Data Theft

Disclosure

Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. In November 2023, CoinDesk was acquired by the Bullish group, owner of Bullish, a regulated, digital assets exchange. The Bullish group is majority-owned by Block.one; both companies have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary with an editorial committee to protect journalistic independence. CoinDesk employees, including journalists, may receive options in the Bullish group as part of their compensation.

Learn more about Consensus 2024, CoinDesk's longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to consensus.coindesk.com to register and buy your pass now.