- Electrum is not 100% secure; even the best technologies have loopholes.
- This loophole was found by the Securities in late December 2018, when users of the Electrum platform started getting “update prompts”.
- A phishing attack steals sensitive information such as credentials and other passwords, starting with social engineering.
Even the best technologies have loopholes. Nothing is 100% secure, and the same is true of Electrum, the Bitcoin wallet. This loophole was found by the Securities in late December 2018, when users of the Electrum platform started getting “update prompts”.
As users made transactions with their Bitcoin wallets, pop-ups appeared asking them to update the platform, which most people are likely to accept. Users accepted them expecting an upgrade of the app, but what they didn’t know was that the download carried malware.
According to a recent study, one of the attacker’s wallet addresses, bc1qcygs9dl4pqw6atc4yqudrzd76p3r9cp6xp2kny, identified in the Slow Mist Anti-Money Laundering (AML) system, has stolen over 30 BTC and is still active. The attack has been continuing for the past six months and has affected many users.
This malware could later result in a phishing attack, paving the way for coin theft. Anyone running an older version of Electrum, other than 3.3.4, is prone to this attack.
The creators of the newer version and of the platform as a whole say that they do not rule out similar threats being carried out in the newer version.
As for the “update prompt”, this is not genuine behaviour of Electrum. It is instead a phishing attack which allows the hacker to deploy malicious code into the ElectrumX server, via a message defect between the client and the server.
A phishing attack steals sensitive information such as credentials and other passwords, starting with social engineering.
Since Electrum is a light wallet, Electrum’s servers, ElectrumX, have to broadcast its transactions. Taking advantage of this fact, the malware has affected millions, and hundreds of Bitcoins have been stolen.
In 2019, the officials said that they would try to fix this issue of phishing attacks in further legitimate updates of the application. They said that the problem of unnecessary update prompts would be fixed and that the patch would also be able to blacklist the malicious sites if encountered.
Moreover, users are advised to download applications only from the official websites and to check GPG signatures in advance to prevent these attacks.
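One way to carry out the GPG check advised above, as an added example that is not Electrum's own tooling: a "Good signature" line only means some key in the local keyring signed the file, so the script accepts a download only when the signature comes from one pinned fingerprint. `PINNED_FPR` is a placeholder, the function names are hypothetical, and the sample status lines are constructed.

```shell
#!/bin/sh
# Placeholder: replace with the release signer's fingerprint, obtained from the
# project's official channels and confirmed out-of-band.
PINNED_FPR="${PINNED_FPR:-0000000000000000000000000000000000000000}"

# Constructed sample of `gpg --status-fd 1 --verify` output (not real data).
SAMPLE_STATUS='[GNUPG:] NEWSIG
[GNUPG:] GOODSIG AAAAAAAAAAAAAAAA Constructed Signer <signer@example.invalid>
[GNUPG:] VALIDSIG AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 2019-01-01 1546300800 0 4 0 1 8 00 AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'

# pinned_sig_ok FPR: reads gpg status lines on stdin.
# Succeeds only if a VALIDSIG line names FPR (as signing key or as primary key)
# and no BADSIG or REVKEYSIG line is present.
pinned_sig_ok() {
    awk -v fpr="$1" '
        BEGIN { gsub(/ /, "", fpr); fpr = toupper(fpr) }   # normalise the pin
        $1 == "[GNUPG:]" && ($2 == "BADSIG" || $2 == "REVKEYSIG") { bad = 1 }
        $1 == "[GNUPG:]" && $2 == "VALIDSIG" && ($3 == fpr || $NF == fpr) { ok = 1 }
        END { if (ok && !bad) exit 0; exit 1 }
    '
}

# verify_download FILE SIGFILE: verify a detached signature against the pin.
verify_download() {
    gpg --status-fd 1 --verify "$2" "$1" 2>/dev/null | pinned_sig_ok "$PINNED_FPR"
}

# Usage: PINNED_FPR=<fingerprint> sh verify.sh installer installer.asc
if [ "$#" -eq 2 ]; then
    if verify_download "$1" "$2"; then
        echo "OK: signed by pinned key"
    else
        echo "REJECT: no valid signature from pinned key" >&2
        exit 1
    fi
fi
```

Run the check before the installer is ever opened, and treat a rejection as a reason to re-download from the official site rather than to import whatever key the file claims.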