Someone Just Lost $16M in Bitcoin by Using a Malicious Install of the Electrum Wallet

An Electrum wallet user claims to have lost a fortune in bitcoin after installing an older version of the software from a malicious source.

AccessTimeIconAug 31, 2020 at 10:41 a.m. UTC
Updated Sep 14, 2021 at 9:49 a.m. UTC

An Electrum wallet user claims to have lost a fortune in bitcoin after installing an older version of the software from a malicious source.

  • In a Sunday post on GitHub, the individual described the loss of more than 1,400 bitcoin (worth around $16.2 million at press time) as a result of "foolishly" installing an old version of the lightweight wallet.
  • Going by the username "1400BitcoinStolen," they described how a pop-up message asked to update their security prior to being allowed to transfer any funds.
  • Upon installing a purported "security update" for the wallet, it immediately triggered a transfer of the user's entire balance to an address in the possession of a hacker.
  • Binance's CEO Changpeng "CZ" Zhao has moved to blacklist the stolen funds from his exchange, stating users should "beware of this Electrum official update."
  • 1400BitcoinStolen said they had contacted blockchain analytics company Coinfirm for assistance in tracking the bitcoin and were awaiting a response.
  • Electrum has been around since 2011 and has gone through multiple updates while also being unable to stop bad actors exploiting previous versions by Sybil attacks using malicious servers.
  • Another member on the GutHub thread, "gits7r" – who seems to be associated with Electrum – said the problem comes from the decision by the team early on to allow users to "run their own servers or use servers that they trust."
  • If users download a version from a different source than electrum.org and don't check signatures, they may "install a backdoored Electrum," gits7r said.
  • In 2018, the Electrum network suffered such an attack from a bad actor who created multiple fake servers on the Electrum network that saw 245 bitcoin siphoned from unsuspecting victims.

DISCLOSURE

Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups. As part of their compensation, certain CoinDesk employees, including editorial employees, may receive exposure to DCG equity in the form of stock appreciation rights, which vest over a multi-year period. CoinDesk journalists are not allowed to purchase stock outright in DCG.

Trending

1
CoinDesk - Unknown
Metagood: Bringing Social Good to Web 3

Bill Tai and Amanda Terry discuss Metagood, a NFT for social good platform.

CoinDesk - Unknown
2
CoinDesk - Unknown
Deutsche Bank: Crypto Freefall Could Continue Because of the System’s Complexity

As bitcoin and other cryptocurrencies are speculative, high-risk assets, they are disproportionately affected by central bank tightening, the bank said.

CoinDesk - Unknown
3
CoinDesk - Unknown
Michael Saylor's MicroStrategy Purchased Another $10M of Bitcoin Over Past Two Months

The company disclosed the acquisition of another 480 bitcoins, bringing total holdings to 129,699 coins.

CoinDesk - Unknown
4
CoinDesk - Unknown
Citi Flags Crypto-Backed Real Estate Mortgages Amid Falling Market Conditions

Citigroup has published an investor note on the rise of crypto-backed mortgages and financing of digital property purchases.

CoinDesk - Unknown