Hackers used a clever new tactic to steal over $700k from the users of a popular bitcoin wallet36

Admins of popular Bitcoin wallet, Electrum, are warning users of a phishing attack that tricks its users into downloading a malicious update that steals their password codes. According to ZDNet, these hackers added tens of malicious servers to Electrum’ wallet network which, when triggered, prompts users to download a wallet update containing malicious code. Users of this updated version will be asked to enter their 2-factor authentication code, which the hackers will use to access their wallet—emptying their balance. Hackers were able to steal over 200 bitcoins, approximately $730k at the time of this writing.

According to ZDNet, the core issue for Electrum is that it allows “popups with custom text” to trigger in a user’s wallet interface.  This enables attackers to get direct access to their victim’s interface and render authentic-looking server messages like the one below.

Original source

Add comment

Please Sign in to be able to leave comments.