The ability to move cryptocurrency seamlessly across the world makes it a target for hackers and criminals lurking around in the cyberspace looking to make some quick bucks. Fake wallets created in an attempt to steal the funds of unsuspecting users is nothing new when it comes to the world of cryptocurrencies.
Most recently a deceptive Electrum Wallet which has nothing to do with the official crypto project has been found circulating the software development platform, GitHub.
Electrum is an open source crypto wallet project that allows anyone to use its code to develop their own version of the project. The malicious Electrum wallet clone, it seems, has been used by developers to dupe people rather than offer a genuine wallet solution.
Researchers who found this particular wallet doing the rounds of GitHub have been able to ascertain that it is hosted on E-Xodus, a Russian web host. The deceptive website stands out because rather than use the regular ‘.org’ domain extension, it uses ‘.one.’
There’s a possibility that the web host E-Xodus has been compromised by hackers. However, there may be more than meets the eye as the GitHub repository is also uniquely named ‘Electrvm’ instead of the usual ‘Electrum.’
It is good to know that most people will not be able to download the fake Electrum wallet as EthAddrLookup and Metamask have already taken action on the website and blacklisted it. The ostentatiously fake wallet also doesn’t pose many chances of deceiving the knowledgeable.
Even though it has just come into the cognizance of the community, the dubious wallet may have been floating around for quite some time now as the fraudulent Electrum.one domain has been found to have been registered several months back.
While there have been no known victims of the Russian hosted Electrum wallet, however, this will not be the last time that criminals attempted to dupe crypto users. I think it is important for users to stay very careful when it comes to crypto wallets. It is also important to bring awareness to the community that not every repository hosted on GitHub is legitimate.