KEY POINTS

  • A man loses 1,400 BTC when a phishing exploit disguised as an update sweeps the bitcoins from his Electrum wallet
  • Electrum said the exploit exists in older versions
  • The crypto community tried to offer help, with Binance vowing to block the addresses involved

A man lost 1,400 bitcoins worth $16 million in a phishing scam involving the Electrum wallet. The scam relies on a known exploit in older versions of Electrum that has been used to steal $25 million worth of bitcoins so far.

In a GitHub thread, a Bitcoin holder described how 1,400 BTC were stolen from his wallet. The wallet had not been accessed since 2017. The problem was that he installed an older version of the Electrum wallet.

"My coins propagated. I attempted to transfer about 1 BTC however I was unable to proceed," he said. A pop-up message appeared asking the holder to update his security prior to being able to transfer the funds. "I installed the update which immediately triggered the transfer of my entire balance to a scammer’s address."

According to Electrum developer Thomas Voegtlin, the exploit is nothing new and has been around since 2018. Voegtlin said the Electrum website displays a warning about the exploit and that the warning has been up for the last 18 months. "The user was scammed because he used old software, susceptible to phishing," Voegtlin told news outlet Decrypt. The publication noted that this is the largest amount of bitcoins stolen through the exploit.

In Dec. 2018, many Electrum wallet users fell victim to a phishing attack that stole 771 BTC, which at the time was worth $4 million. At current prices, that amount is worth $8.9 million. According to security software firm Malwarebytes, the scammers tricked users into downloading a compromised version of Electrum. In response, Electrum developers tried fixing the exploit, and the scammers tried to resist the fix by launching a distributed denial-of-service (DDoS) attack against the wallet’s servers.

The method used is called a Sybil attack, in which the attackers introduced more malicious nodes than honest nodes into the Electrum network. To the user, the attack is disguised as an update. Once that update is installed, the scammers are able to control the wallet and send its contents to a separate wallet they control.

As the latest hacking news spread to the crypto community, Binance CEO Changpeng "CZ" Zhao tweeted that the exchange would blacklist the address involved.