Hackers have stolen more than $750 000 USD in Bitcoins from users of the Electrum Bitcoin hot wallet since December 21st, CCN reports.
Another outlet places the amount stolen closer to $1 million.
A “hot wallet” is a device for storing the “private keys” needed to transmit Bitcoin and other cryptos across their related networks. Storing large amounts of cryptocurrency keys in a hot wallet is generally not recommended because hot wallets are vulnerable to internet-borne hacks.
Offline “hardware wallets” are generally much more secure, though hackers have exploited these as well, because the devices have to be briefly connected to the net in order to send or receive coins.
Electrum is one of the most popular hot wallets in circulation. To function, the wallet communicates with “nodes” or servers running the Bitcoin software.
“Forks” (modified versions) of the Electrum wallet are also available for Bitcoin Cash, Litecoin, Dogecoin and Dash.
To pull off the thefts, hackers have reportedly established “malicious” servers on the Bitcoin network. When an Electrum user attempts to transmit coins into or out of their wallet, the malicious servers send them a message advising they download “an update.”
A link provided then takes them to the attackers’ Github page, where the fake update malware is harboured.
Once installed, the malware prompts the user to enter a two-factor authentication code. If the user does so, attackers can then proceed to steal bitcoins from the user’s Electrum wallet.
Electrum has announced that it is aware of the malicious exploit and is now offering a genuine, hack-resistant update at electrum.org.
The company, however, says that it cannot do anything to expel the malicious servers from the network on its own:
“This is not a true fix, but the more proper fix of using error codes would entail upgrading the whole federated server ecosystem out there…”
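The error-code idea mentioned in the quote above can be sketched as follows: the client shows only text it defines locally, so nothing a server writes can reach the user's screen. This is an added example, not Electrum's code; the code table, the `code` and `message` field names, and the sample responses are assumptions made for illustration.

```python
import re

# Hypothetical error codes (assumption: illustrative, not Electrum's protocol).
KNOWN_ERRORS = {
    1: "The server rejected the transaction.",
    2: "The transaction fee is too low.",
    3: "A transaction input is missing or already spent.",
}
GENERIC = "The server returned an error while broadcasting the transaction."

# Markup, links or update/download wording have no place in a broadcast error.
LURE_RE = re.compile(r"(?i)<[^>]+>|https?://|www\.|\b(?:update|upgrade|download|install)\b")


def render_server_error(response):
    """Return the text shown to the user; built only from local strings."""
    code = response.get("code")
    # type() check rejects booleans, which would otherwise match key 1.
    if type(code) is int and code in KNOWN_ERRORS:
        return KNOWN_ERRORS[code]
    return GENERIC


def looks_like_lure(message):
    """Flag server-supplied text worth logging and reporting; never display it."""
    return isinstance(message, str) and bool(LURE_RE.search(message))


def handle_error(response):
    """Return (text_for_user, suspicious) for one server error response."""
    return render_server_error(response), looks_like_lure(response.get("message"))


# Constructed sample responses, not captured traffic.
SAMPLE_BENIGN = {"code": 2, "message": "min relay fee not met"}
SAMPLE_LURE = {
    "code": None,
    "message": "<b>Security update required.</b> Download the new version "
               "from <a href='https://example.invalid/release'>here</a>.",
}

if __name__ == "__main__":
    for sample in (SAMPLE_BENIGN, SAMPLE_LURE):
        text, suspicious = handle_error(sample)
        print(f"suspicious={suspicious!s:5} shown to user: {text}")
```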
The company also warns users to continue to be very careful and to update only from the electrum.org site and never from Github (a repository/collaboration centre for working on/providing open-source software that anyone can use).
Github administrators have reportedly removed the malicious repository from their site.
Electrum says that although the first attack was addressed and then briefly lapsed, attackers have adjusted their methods and attacks have now been reinstated.
More attacks are also expected.