An Electrum wallet user claims to have lost a fortune in bitcoin after installing an older version of the software from a malicious source.
- Going by the username "1400BitcoinStolen," they described how a pop-up message asked to update their security prior to being allowed to transfer any funds.
- Upon installing a purported "security update" for the wallet, it immediately triggered a transfer of the user's entire balance to an address in the possession of a hacker.
- Binance's CEO Changpeng "CZ" Zhao has moved to blacklist the stolen funds from his exchange, stating users should "beware of this Electrum official update."
- 1400BitcoinStolen said they had contacted blockchain analytics company Coinfirm for assistance in tracking the bitcoin and were awaiting a response.
- Another member on the GutHub thread, "gits7r" – who seems to be associated with Electrum – said the problem comes from the decision by the team early on to allow users to "run their own servers or use servers that they trust."
- If users download a version from a different source than electrum.org and don't check signatures, they may "install a backdoored Electrum," gits7r said.
- In 2018, the Electrum network suffered such an attack from a bad actor who created multiple fake servers on the Electrum network that saw 245 bitcoin siphoned from unsuspecting victims.
The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is an award-winning media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. In November 2023, CoinDesk was acquired by Bullish group, owner of Bullish, a regulated, institutional digital assets exchange. Bullish group is majority owned by Block.one; both groups have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary, and an editorial committee, chaired by a former editor-in-chief of The Wall Street Journal, is being formed to support journalistic integrity.