Hackers have launched a 140,000-machine botnet DoS (denial of service) attack against servers hosting the popular Bitcoin wallet service Electrum, Hard Fork reports, and millions of dollars' worth of bitcoin has already been stolen from Electrum wallet users as a result.
Electrum is a bitcoin “hot wallet”: software that is connected to the Internet, as opposed to a “cold wallet” hardware device that stores cryptocurrency private keys offline.
According to cybersecurity firm Imperva, “a botnet is a group of hijacked Internet-connected devices, each injected with malware used to control it from a remote location without the knowledge of the device’s rightful owner.”
The “heavy attack” on Electrum, which began last week, is apparently designed to force users off the legitimate servers and redirect them to servers controlled by the hackers.
Those servers reportedly host “backdoored” counterfeit versions of Electrum wallet software “updates,” which unsuspecting users are prompted to download.
If these fake versions are downloaded, Hard Fork says, “all funds contained in the old versions are immediately lost.”
A security researcher commenting on the hack told Hard Fork that the attack is uncommonly large:
“The total amount stolen is in the millions of dollars so far, with a single person alone losing almost $140,000, based on our analysis… The DoS attacks are a new level… People have seen 25 Gigabits per second worth of traffic being flooded at community-run servers.”
Electrum users have been asked to be extraordinarily careful and have been warned that service interruptions could continue for several hours or days as system administrators work to contain and remediate the damage caused by the attack.
According to Hard Fork, this is not the first attack on the Electrum bitcoin wallet service.
“Bitcoin phishing has actually plagued the Electrum community for months. Indeed, Trojan horse electrumstealer and its variants are thought to have already stolen millions of dollars worth of Bitcoin from unsuspecting Electrum users.”
Electrum says that users of older versions of Electrum are the most exposed in the current attack, but adds that even users of the most current version may be knocked off the legitimate servers while an attack is under way.
Hard Fork writes that, “Currently, Electrum has no auto-update mechanism, so it will continue to run old and vulnerable versions until users manually upgrade the client themselves.”
For now, writes the outlet:
“…(T)o be safe, users are encouraged to strictly download Electrum software from the electrum [dot] org domain and its official GitHub repository…Installing and updating Electrum clients from only these locations is said to be the main method of protection against these attacks.”
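The protection the outlet describes comes down to trusting only two download sources. As an added example (not code from the article or from the Electrum project), the check below applies that rule with a real URL parser instead of a substring match, and shows the lookalike URLs a naive check would wave through; the GitHub repository path is a placeholder, since the article does not spell it out.

```python
"""Added example: classify a download URL against the two official sources the
article names (the electrum.org domain and the official GitHub repository)."""
from urllib.parse import urlsplit

OFFICIAL_DOMAIN = "electrum.org"
GITHUB_REPO_PATH = "/OWNER/REPO/"   # placeholder: the article does not give the real path


def is_official_download(url: str) -> bool:
    """True only for https URLs on electrum.org (or a subdomain of it)
    or under the official GitHub repository path."""
    parts = urlsplit(url)
    if parts.scheme != "https":
        return False                       # plain http can be rewritten in transit
    if parts.username is not None or parts.password is not None:
        return False                       # https://electrum.org@evil.example/ hides the brand in userinfo
    host = (parts.hostname or "").rstrip(".")   # .hostname is already lower-cased
    if host == OFFICIAL_DOMAIN or host.endswith("." + OFFICIAL_DOMAIN):
        return True
    if host == "github.com" and parts.path.startswith(GITHUB_REPO_PATH):
        return True
    return False                           # lookalike and homoglyph domains fall through here


def naive_check(url: str) -> bool:
    """The substring test a hurried user might apply; kept only for contrast."""
    return "electrum.org" in url or "github.com" in url


# Constructed sample "update" URLs in the style of the prompts the article
# describes; none of these hosts or paths are real indicators from the attack.
SAMPLE_URLS = [
    "https://electrum.org/#download",
    "https://github.com/OWNER/REPO/releases",
    "http://electrum.org/update.exe",                 # downgraded scheme
    "https://electrum.org.update-server.example/",    # brand as a subdomain of another domain
    "https://electrum.org@update-server.example/",    # brand in the userinfo part
    "https://update-server.example/electrum.org/",    # brand only in the path
    "https://github.com/someone-else/REPO/releases",  # wrong repository
]


def triage(urls):
    """Map each URL to (naive verdict, parser-based verdict) so the gap is visible."""
    return {u: (naive_check(u), is_official_download(u)) for u in urls}
```

Every sample URL passes `naive_check`, while only the first two pass `is_official_download`.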
The latest attack may have been mounted by hackers frustrated by Electrum’s success in countering the electrumstealer Trojan horse phishing campaign.
Electrum development lead Thomas Voegtlin told Hard Fork:
“We are not sure what motivates the attacker; it might be some kind of retaliation, after we took steps last month in order to prevent phishing attacks…This counter-attack has been effective against phishing, because it does not require a lot of legit servers; if you randomly connect to 10 servers, the chance that at least one of them is performing the counter-attack is very high.”