Recently, two Electrum users fell victim to phishing scams and lost large amounts of Bitcoin (BTC) from their wallets. According to the complaint, one victim lost 1,400 BTC while another lost 36.5 BTC, worth $14,595,000 and $380,512, respectively. The spokesperson for the company revealed that the event might be due to a phishing scam that has been a problem since 2018.
The Chief Operating Officer of OKCoin, Jason Lau, warned users to be careful when dealing with their keys, particularly if they hold a huge amount of BTC in their wallet, as that makes them attractive to scammers. He further added that the recent event was a phishing attack in which the victims installed software thinking it was an update, giving the hackers access to their wallet account. He said that phishing attacks are becoming common across different financial applications and have also grown more sophisticated, making them difficult to track.
The first reports of a phishing scam on the Electrum wallet came to light on 27th December 2018, with a total loss of $1 million. The event surfaced when an anonymous Reddit user highlighted the hack. The user explained how the hacker used their own server to lead the wallet user to a malicious webpage that prompted them to enter the personal details of their account. This let the hackers gather all the information they needed to take total control of the user’s assets. It also involved a fake update for the wallet that led the user to download malware onto the device. It was initially reported that the wallet address had 243 BTC, but it was later revealed that it had 637.44 BTC, which was emptied by the hackers. Soon after the first attack, there were reports of other phishing attacks on the wallet, one of which was the denial-of-service attack.
According to the recent victim, he had not been using the Electrum account since 2017 and had 1,400 BTC in the wallet. He mistakenly installed the older version of the Electrum wallet and tried to transfer 1 BTC into another account. But the transaction failed, and a pop-up asked him to update the security before he could make any transactions. Upon installing the update, his entire balance from the Electrum account was transferred to the scammer’s Bitcoin address.
Officers looking into the theft revealed that the thief or thieves behind the scam were using a Binance exchange account that was linked to more than 75 wallet addresses. However, tracking transactions is quite difficult. One of the Electrum representatives stated that they reviewed the victim’s account, and no suspicious indicator was reported. Jason Lau warned users to double-check any software that they are downloading to their devices and verify the sources of any updates.
Soon after the 1,400 BTC hack came to light, another victim revealed that he had lost 36.5 BTC from the Electrum wallet about two months back. The victim himself tracked the stolen funds to five Bitcoin addresses. He tried reaching out to Binance and asked them to return the stolen Bitcoin, but they refused.
One of the controversies that arose from the hack was that the user was storing a large amount of Bitcoin in the Electrum account, attracting keylogging attacks and malware risks. These wallets are not as secure as hardware wallets, but they are pretty easy to use for day-to-day transactions.
According to experts, users are encouraged to use hardware wallets like Trezor or Ledger. While these two companies have had their share of challenges, users still prefer to use hardware wallets for crypto storage and transactions.