An anonymous hacker, or a consortium of them, have reportedly stolen nearly $1 million worth of Bitcoin (BTC), reports from technology media outlet ZDNet.
According to the reports, a popular open-source project founded in mid-June 2011, Electrum Wallet was breached in a clever attack.
Since confirmed by the team behind the venture, the attack reportedly consisted of a false message appearing on electrum users’ official Electrum-based applications, that beckoned consumers to visit a site.
Electrum took to Twitter –
This specific attack on Electrum Wallet reportedly commenced on December 21st, but was recently ended by GitHub admins. The admins purged the malicious downloads files on the platform.
How Exactly Did The Attack Work?
As explained by ZDNet, the hacker reportedly added a bunch of malicious servers to the Electrum network. Each time a user intends to make any transaction, then the hacker-backed server replies with an error message asking users to visit the false GitHub.
When downloaded, the app would send a request for the users to input a 2FA code, that was routed to the attacker, subsequently allowing Bitcoin to be snatched.
However, Electrum admins have reportedly disallowed the message from being mostly legible, so this medium of attack is most likely breathing its last breaths.
Still, the fact is that in the end, the hackers netted 200+ BTC, approximately valued at $719,386 at the time of writing.
Other reports show that the attack garnered 250+ BTC for hacker, however, these numbers haven’t been confirmed.
Interestingly, this isn’t the first time that a popular wallet has come under the attack by bad actors. In the early 2018, the Bleeping Computer reported that the Electrum team had seen an unnamed individual or group to create a copycat of their flagship product aas “Electrum Pro.”