Commercial
Man loses $16 million in bitcoin by using a malicious Electrum wallet install.
After installing an outdated version of the program from a fraudulent source, one Electrum wallet user claimed to have lost a large amount of bitcoin.
After installing an outdated version of the program from a fraudulent source, one Electrum wallet user claimed to have lost a large amount of bitcoin.
The person wrote on GitHub on Sunday about losing more than 1,400 bitcoin, which were worth approximately $16.2 million at the time of publication, as a result of "foolishly" installing an outdated version of the lightweight wallet.
They spoke under the nickname "1400BitcoinStolen," describing how a pop-up window requested that they improve their security before being permitted to send any money.
A user's entire balance was transferred to a hacker's address the moment they installed a supposed "security update" for their wallet, which was then installed.
According to Changpeng "CZ" Zhao, CEO of Binance, the exchange's stolen money have been added to a blacklist, and users should "beware of this Electrum official update."
In order to assist in locating the stolen bitcoin, 1400BitcoinStolen reported that they had been in touch with blockchain analytics firm Coinfirm. They are now waiting for a response.
Since its release in 2011, Electrum has undergone numerous revisions. Unfortunately, it has not been able to prevent malevolent actors from Sybil attacks utilizing rogue servers, which exploit previous versions of the software.
The issue, according to "gits7r," another participant in the GutHub post who appears to be affiliated with Electrum, stems from the team's early decision to permit users to "host their own servers or use services that they trust."
Users who download an electrum version from a source other than electrum.org and fail to verify the signature risk "installing a backdoored Electrum," according to gits7r.
