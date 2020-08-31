Someone Just Lost $16M in Bitcoin By Using a Malicious Install of the Electrum Wallet
An Electrum wallet user claims to have lost a fortune in bitcoin after installing an older version of the software from a malicious source.
- In a Sunday post on GitHub, the individual described the loss of more than 1,400 bitcoin (worth around $16.2 million at press time) as a result of âfoolishlyâ installing an old version of the lightweight wallet.
- Going by the username â1400BitcoinStolen,â they described how a pop-up message asked to update their security prior to being allowed to transfer any funds.
- Upon installing a purported âsecurity updateâ for the wallet, it immediately triggered a transfer of the userâs entire balance to an address in the possession of a hacker.
- Binanceâs CEO Changpeng âCZâ Zhao has moved to blacklist the stolen funds from his exchange, stating users should âbeware of this Electrum official update.â
- 1400BitcoinStolen said they had contacted blockchain analytics company Coinfirm for assistance in tracking the bitcoin and were awaiting a response.
- Electrum has been around since 2011 and has gone through multiple updates while also being unable to stop bad actors exploiting previous versions by Sybil attacks using malicious servers.
- Another member on the GutHub thread, âgits7râ â who seems to be associated with Electrum â said the problem comes from the decision by the team early on to allow users to ârun their own servers or use servers that they trust.â
- If users download a version from a different source than electrum.org and donât check signatures, they may âinstall a backdoored Electrum,â gits7r said.
- In 2018, the Electrum network suffered such an attack from a bad actor who created multiple fake servers on the Electrum network that saw 245 bitcoin siphoned from unsuspecting victims.
