Phishing Attack on Electrum Wallet Nets Hacker Almost $1 Million in Hours, Report

A reportedly ongoing hack against cryptocurrency wallet Electrum has seen a malicious party steal almost 250 Bitcoin, commentators reported on social media Dec. 27.

Subsequently confirmed by Electrum itself, the attack consists of creating a fake version of the wallet that fools users into providing password information.

"If someone's Electrum Wallet connected to one of those servers, and tried to send a BTC transaction, they would see an official-looking message telling them to update their Electrum Wallet, along with a scam URL.".

Affected users report trying and failing to log in to their wallets after providing their two-factor authentication code - something Electrum does not in fact request during login.

"I kept trying to send and kept getting an error code 'max fee exceeded no more than 50 sat/B ' I then restored my wallet on a separate pc and found that my balance had been transferred out in full[.]". According to u/normal rc, several addresses are feeding into one main holding address, which currently contains 243 BTC. Electrum posted about the incident on Twitter today, stating "[t]here is an ongoing phishing attack against Electrum users" and implored users to check the validity of the resource they were logging into.

"Our official website is https://electrum.org[.] Do not download Electrum from any other source," the tweet continued.

Wallet hacks are less frequent than those afflicting online exchanges, several of which - most notoriously Japan's Coincheck - have lost users hundreds of millions of dollars in 2018..