{"id":29996,"date":"2020-10-13T09:57:09","date_gmt":"2020-10-13T06:57:09","guid":{"rendered":"https:\/\/forklog.com\/en\/?p=29996"},"modified":"2025-08-27T20:03:34","modified_gmt":"2025-08-27T17:03:34","slug":"study-hackers-stole-1980-bitcoins-via-fake-electrum-wallet-update","status":"publish","type":"post","link":"https:\/\/u1f987.com\/en\/study-hackers-stole-1980-bitcoins-via-fake-electrum-wallet-update\/","title":{"rendered":"Study: Hackers Stole 1,980 Bitcoins via Fake Electrum Wallet Update"},"content":{"rendered":"<p>Criminals stole more than $23 million in bitcoin from users via a fake Electrum wallet update, researchers at ZDNet found.<\/p>\n<p>They tracked several accounts to which the attackers moved the bitcoins stolen in 2019\u20132020. These accounts hold 1980 BTC \u2014 $23.15 million at the time of writing.<\/p>\n<p>Most of this sum was obtained in a single incident, when in August attackers <a href=\"https:\/\/u1f987.com\/en\/news\/investor-loses-1400-bitcoins-after-using-an-older-electrum-wallet\">stole<\/a> 1400 BTC from one of the Electrum users.<\/p>\n<p>In all cases, victims received a prompt to update the wallet via a pop-up message. 
After the update, the funds were immediately transferred to the attackers&#8217; address.<\/p>\n<p>The method works because Electrum wallets connect to the Bitcoin blockchain through a network of their own ElectrumX servers when conducting transactions.<\/p>\n<div id=\\\"attachment_112997\\\" style=\\\"width: 780px\\\" class=\\\"wp-caption aligncenter\\\"><img loading=\\\"lazy\\\" decoding=\\\"async\\\" aria-describedby=\\\"caption-attachment-112997\\\" class=\\\"wp-image-112997 size-full\\\" src=\\\"https:\/\/u1f987.com\/wp-content\/uploads\/electrumx.png\\\" alt=\\\"Study: hackers stole 1980 bitcoins via a fake Electrum wallet update\\\" width=\\\"770\\\" height=\\\"560\\\" srcset=\\\"https:\/\/u1f987.com\/wp-content\/uploads\/electrumx.png 770w, https:\/\/u1f987.com\/wp-content\/uploads\/electrumx-300x218.png 300w, https:\/\/u1f987.com\/wp-content\/uploads\/electrumx-768x559.png 768w\\\" sizes=\\\"auto, (max-width: 770px) 100vw, 770px\\\" \/><\/p>\n<p id=\\\"caption-attachment-112997\\\" class=\\\"wp-caption-text\\\">Source: ZDNet.<\/p>\n<\/div>\n<p>Fraudsters set up malicious ElectrumX servers and wait for a wallet to connect to them randomly.<\/p>\n<p>After that, the user is prompted for a one-time password needed to send funds. Most users enter the requested code, assuming they are using the official Electrum version, thereby authorising the transfer of assets.<\/p>\n<p>The scheme has operated since 2018, during which time the attackers stole another 202 BTC. 
Since then, the Electrum team has taken a number of steps to prevent attacks, including a blacklist system for ElectrumX servers and an update that prevents displaying HTML pop-ups to end users. But attackers continue to find loopholes, researchers noted.<\/p>\n<p>Earlier in April last year, Electrum users lost $4.6 million in bitcoins due to a large DoS attack.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Criminals stole more than $23 million in bitcoins from users via a fake Electrum wallet update, researchers at ZDNet found.<\/p>\n","protected":false},"author":1,"featured_media":29997,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"1","news_style_id":"","cryptorium_level":"","_short_excerpt_text":"","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[1154,1909,57],"class_list":["post-29996","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-crimes","tag-electrum","tag-wallets"],"aioseo_notices":[],"amp_enabled":true,"views":"22","promo_type":"1","layout_type":"","short_excerpt":"","is_update":"","_links":{"self":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/29996","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v
2\/comments?post=29996"}],"version-history":[{"count":1,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/29996\/revisions"}],"predecessor-version":[{"id":29998,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/29996\/revisions\/29998"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/media\/29997"}],"wp:attachment":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/media?parent=29996"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/categories?post=29996"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/tags?post=29996"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}