Electrum Wallet Attack May Have Stolen As Much as 245 Bitcoin

A phishing attack on the Electrum wallet network has possibly managed to steal around 245 bitcoins, worth over $880,000 at today's prices.

Warning of the attack on Thursday, the firm tweeted: "There is an ongoing phishing attack against Electrum users. Our official website is https://electrum.org Do not download Electrum from any other source."

The bad actor set up the attack by creating multiple fake servers on the Electrum wallet network.

As a result, when wallet users that connected to those servers attempted to broadcast a bitcoin transaction, they received an error message providing a malicious link to malware disguised as an updated wallet, the firm explained.

Electrum said that "To make the attack more effective, the attacker is creating lots of servers, hence increasing the chance a client would connect to him."

A Reddit user posted a bitcoin address Thursday that they said the attacker is using to consolidate the stolen cryptocurrency from several addresses used in the attacks.

If true, 245 BTC have been taken in this attack, an amount worth $884,000 at press time.

Electrum has moved to mitigate the problem and has released a new version of its wallet 3.3.2, it said on the Github page, adding that "This is not a true fix, but the more proper fix of using error codes would entail upgrading the whole federated server ecosystem out there."

"We did not publicly disclose this until now, as around the time of the 3.3.2 release, the attacker stopped; however they now started the attack again."

According to a recent report from blockchain security firm CipherTrace, nearly $1 billion.