 |
| Bitcoin wallet update trick collects $ 22 million |
A simple technology has helped cyber criminals steal more than $ 22 million in funds from users of the Bitcoin e-wallet app (Electrum).
This method was first introduced in December 2018 and this attack mode has been used frequently in several campaigns over the past two years.
The investigation came on the heels of several Bitcoin accounts and the criminals collecting money stolen in the 2019 and 2020 attacks, some of which occurred in September 2020.
The victim report submitted to the Bitcoin Abuse Portal contained the same information.
Users of the Electrum Bitcoin Wallet app received an unexpected update request via a popup, updated their wallets, and the funds were instantly stolen and sent to the attacker's Bitcoin account.
Given the way cyber criminals steal money, this technology is effective due to the internal workings of the Bitcoin Electrum wallet application and back-end infrastructure.
The Electrum wallet is designed to connect to the blockchain through a network of servers called Electrum (ElectrumX).
Some wallet apps control who can manage these servers. However, in the open Electrum ecosystem, the situation is different and anyone can set up servers for the ElectrumX portal.
Cyber criminals have been abusing this vulnerability since 2018, waiting for users to randomly log into their systems.
The attacker asked the server to display a popup on the user's screen and install the Bitcoin Electrum Wallet Update.
As of December 2018, users reported the use of dozens of bitcoin accounts in what is known as Bitcoin e-wallet update technology.
These wallets currently contain bitcoins from 1980, which are worth just over $ 22 million.
A large amount of money appears to have been stolen during an incident in August when a user said he lost 1,400 Bitcoins (about $ 15.8 million) after upgrading his Bitcoin e-wallet.
Since the technology first appeared in late 2018, the Electrum team has taken a number of steps to mitigate this attack.
The team implemented a server blacklist system. To prevent malicious plugins from accessing the network, they added an update to prevent the server from displaying HTML pop-ups to users.
The attack on Bitcoin users who continue to use the legacy version of the Bitcoin wallet app to manage their money continues.