An attack on the bitcoin wallet Electrum has left many with a loss in bitcoin but one with approximately 245 extra bitcoin. Electrum is a bitcoin wallet that does not require that the user download full blockchain, but rather uses a network of servers to keep the bitcoin. A malicious actor has taken advantage of this and set up malicious servers onto the Electrum network. Once these servers are accessed, a fake error message pops up, informing users that they need to install an update for Electrum. Once the user follows the link for the download and open the malicious app, they are instructed to login with their two-factor authentication. This is then stored and the attackers now have the information they need to login to the account of the people they have tricked. This then allows the attackers to steal the money right from the users without them knowing how it is done.
Analyst Notes
Since the user has added multiple fake servers to Electrum, there is currently no patch out for this issue. A statement was released saying Electrum made updates on their side to make the fake error messages look less authentic, but there has not been a patch yet. They stated they are doing their best to inform users of this attack and warn them not to follow any error messages that look like the scam.
