As per recent reports which were published on 7th April, Electrum, which is a Bitcoin (BTC) wallet service is facing an ongoing Denial-of-Service (DoS) attack on its servers. The Next Web reported that the attack had led to users losing approximately millions till date, with a single person alone reportedly losing about $140,000.
The ongoing DoS attack had apparently been launched by a malicious botnet of more than 140,000 machines with the sole aim to steal users’ Bitcoin by referring them to fake versions of Electrum software. The article cites an unnamed security researcher and mentions that the recent DoS attack is deployed on a new level and was launched about a week ago.
According to The Next Web, the attackers have even implemented their own Electrum servers hosting compromised Electrum versions in order to realize the hack. According to the report, it seems that what happens is after the users sync their vulnerable Electrum wallet with a malicious server, they are required to “update” their client with a hacked version, which eventually leads them to an immediate loss of funds that were contained in the old versions.
Thomas Voegtlin, a lead Electrum developer said that the firm was expecting to figure the matter out in the coming hours or days and emphasized that users who downloaded Electrum a long time ago and have not updated the software since are at a higher risk. Electrum, in a recent announcement on Twitter, advised its users to disable the auto-connect option and select their server manually, Meanwhile, as the company reiterated, they are working on a more robust version of the Electrum server in order to fix the issue.
In December 2018, Electrum had faced a similar attack which had led to a loss of about $937,000 worth in Bitcoin. The attack had consisted of building a fake version of the wallet that tricks users into providing password information.