Electrum Wallet scam defrauds wallet users through fake updates

Malware users are targetting unsuspecting crypto users through an Electrum Wallet scam asking for their credentials. The malicious actors are targetting users that are still using an older version of Electrum.

The attackers find victims using fake Electrum servers to send pop-up messages to people using the wallet’s old version. These popups encourage people to install fake updates, allowing them access to their computer and wallet credentials.

Electrum Wallet scam

The fake updates, prompted by the popup notifications, trick victims to install malware on their device. The attackers use servers to send these notifications directly through.

Once the install has finished, the application requires a one-time password (OTP) from the user. Upon entering this code, the user has granted the attacker permission to drain funds from his wallet.

According to the business technology website ZDNet, the attackers have already managed to accumulate $22 million through the Electrum Wallet scam. This was estimated by taking a look at the attackers’ wallet address. The address holds 1980 BTC that are worth around $22.5 million at the current trading price.

Loophole

ZDNet revealed that this technique of phishing first emerged in December 2018. Since then, this attack technique has been used across multiple campaigns to defraud crypto investors.

The website tracked multiple criminal wallets that stored these stolen cryptocurrencies during 2019 and 2020. During this period, these attacks continued to occur, with some attacks taking place as recently as last month.

Many Electrum users confirmed this study in Bitcoin abuse portals. They revealed that their Electrum Bitcoin wallet application received an update request, following which their wallets were drained of funds. The funds were sent to the attackers’ address.

Cybercriminals have been using a loophole in the operating method of Electrum wallets that allow them to set up servers and wait for users to randomly connect to their network.

When this happens, the attacker is able to send popup messages to the user and promote the Electrum wallet scam.