August 23, 2019

August 22, 2019

Subscribe to Latest Legal News and Analysis

August 21, 2019

Subscribe to Latest Legal News and Analysis

August 20, 2019

Subscribe to Latest Legal News and Analysis

Hack of Electrum Wallets Reaps over 200 Bitcoin (around $750,000)

A scary scheme by hackers recently successfully lifted Bitcoin from Electrum wallet owners to the tune of approximately $750,000.

The scheme worked like this: the attackers added anywhere between 33 and 50 malicious servers to the Eletrum wallet network. When legitimate owners of Electrum Bitcoin wallets initiated a Bitcoin transaction after December 21, 2018, if the transaction was routed through a malicious server, the user received an error message surging the user to download a wallet app update coming from an unauthorized GitHub depository. Once they download the malicious update, the app asks the user for a two-factor authentication code, which is then used by the thief to steal the user’s funds and transfer the funds to the hacker’s Bitcoin address.

The attacks were reportedly successful because the server messages were delivered as rich-formatted texts, which made the popup alert look authentic and conveniently provided a link for users to click on to apply the update. Following discovery of the heist, Electrum reportedly updated the Electrum wallet app so the messages urging users to download the update no longer appear in rich HTML text. Still, one of the issues with cryptocurrency is the fact that it is not protected by the government and it is unclear what, if anything, these Electrum wallet users can do to get their stolen Bitcoin back.

Copyright © 2019 Robinson & Cole LLP. All rights reserved.


About this Author

Linn F. Freedman, Robinson Cole Law Firm, Cybersecurity and Litigation Law Attorney, Providence

Linn Freedman practices in data privacy and security law, cybersecurity, and complex litigation. She provides guidance on data privacy and cybersecurity compliance to a full range of public and private clients across all industries, such as construction, education, health care, insurance, manufacturing, real estate, utilities and critical infrastructure, marine, and charitable organizations. Linn is a member of the firm's Business Litigation Group and chairs its Data Privacy + Cybersecurity Team. She is also a member of the Financial Services Cyber-Compliance Team (CyFi ...