Electrum Botnet Steals $4.6m in Bitcoin From Over 150,000 Victims

The cryptocurrency community remains subject to a lot of potential scams in this day and age. Although that is nothing new, it would appear some of these attacks are a lot more successful than others. One recently discovered “Electrum botnet” has successfully stolen $4.6m worth of Bitcoin from victims in recent months. It is expected over 150,000 users have been infected by this malware already.

Beware of the Electrum Botnet

When it comes to dealing with cryptocurrencies and their associated wallets, nearly all projects have a version of Electrum available to its users. In the case of Bitcoin, it would appear the Electrum wallet has been very popular for some time now, which also makes it a prone target for criminals and individuals with nefarious intentions. It would appear a dedicated botnet is now targeting these users, and is doing so in a rather successful manner as well.

Most of these attacks have been apparent since December of 2018. A bit of odd timing, considering how the Bitcoin price has tanked significantly since late 2017. One would expect criminals to go after users of this wallet when one BTC is valued at $19,000, rather than near the $4,000 range. Even so, a total of roughly $4.6 million has been stolen to date, which further confirms the efforts have paid off in spades already.

The botnet in question operates in a pretty interesting manner.  It would appear the attackers have spun up several malicious Electrum nodes. These malicious nodes display an error to legitimate Electrum wallet apps, telling them to download a new version of the client. While the new client can be downloaded from GitHub, it is not through the official Electrum repository.   Most users should be able to tell the difference right away, but novice wallet users might not be aware of which repository is legitimate.

It is evident the Electrum team is all too aware of what is happening tot heir network. In recent times, the team has mimicked the approach by these criminals to display error messages in users’ wallets and force them to update through the legitimate GitHub repository. Moreover, the team has ensured clients on versions before 3.3 can no longer connect to public servers accordingly.

Although the fake upgrade message looks as legitimate as one would expect, it is evident users need to conduct their own research first and foremost. When downloading software updates, it is always best to do so through the official website, rather than following links shared through the application itself. It is a slight workaround, but if it can keep funds safe, users should not be too bothered by this handful of extra steps.

Despite the best attempts by the Electrum team, Malwarebytes has confirmed the number of infected machines running the illegitimate client continues to increase every month. While the numbers tend to fluctuate a bit, it would appear most of the victims reside in the Asia Pacific region, Brazil, and Peru. Additionally, the number of infection vectors remains unclear, as only three of them have been uncovered so far. However, it is expected there could be as many as a dozen vectors or even possibly more.

Disclaimer: This is not trading or investment advice. The above article is for entertainment and education purposes only. Please do your own research before purchasing or investing into any cryptocurrency.