Coinbase Blockchain Security Engineer Keeps a Track on the Phishing Campaigns on the Electrum Network

According to a blog post by Coinbase, the platform’s Blockchain Security Engineer, Peter Kacherginsky has been tracking the phishing campaigns on the Electrum Network, a lightweight Bitcoin client based on a client-server protocol that was released about 8 years ago.

The main push towards this move is the fact that users of the Electrum Wallet have continuously been attacked since December last year resulting to massive losses. The Electrum Wallet is one of Bitcoin’s most popular Wallets. Other features of the Electrum Wallet include;

  •  It is an encrypted wallet with Bitcoin private keys that are protected with a password and never leaves the user’s computer
  •  It offers deterministic key generation that allows users to recover their lost wallets through a recovery seed
  •  Electrum servers are decentralized and redundant, therefore users can never experience downtimes
  •  It supports 3rd party  plugins such as the Multisig services, Hardware wallets, etc
  •  It is fast, secure and easy to use

electrum wallet

The Phishing Attack

The attack begun just recently in December, whereby an alleged hacker or group of hackers pulled off a phishing attack on the popular Electrum Wallet and tricked users, and stole their funds. Apparently, the hacker(s) created a fake version of the wallet that fooled users into providing password information.

According to Peter, the Electrum Wallet once had a feature that displayed error messages sent by the server as a way of informing users of the reason for their transactions not going through.

He says that; ‘’exposing users to arbitrary messages from an un-trusted network of servers operated by unknown parties is ripe for exploitation’’.

Peter tries to deeply look into how the attackers managed to force a wallet to connect to them and display malicious messages, as well as what the servers used are. Apparently, the attacker(s) learned how to modify the ElectrumX server software allowing it to always send arbitrary error messages.

The error message then leads to a phishing site where several versions of the Electrum Wallet are readily available for download. After users download the fake updates, the hacker(s)’version of Electrum wallet steals all their funds.

Peter discovered that the phishing website created by the attacker(s) was almost similar to the original website and even posted announcements on the current version of Electrum Wallet. However, the file hashes did not match the original. He leaves an advice for all users of the wallet to remain vigilant and only download software from trusted sources.