
A Bitcoin user claims to have lost 1,400 BTC after downloading an old version of the Electrum wallet

An Electrum user claims to have lost 1,400 BTC ($16,302,020 at press time) by downloading an old version of the popular software wallet that was connecting to malicious servers. But how were hackers able to make off with this user’s cryptocurrency? And what can others do to keep the same thing from happening to them?

Whoever was responsible for allegedly stealing a cryptocurrency fortune made the transaction on Aug. 29, paying $36.89 in fees.

According to the appropriately named GitHub user ‘1400BitcoinStolen,’ the enormous sum of BTC matching his username is now gone as part of a hack involving the Bitcoin wallet Electrum.

The fault is neither Electrum’s nor the user’s, but the incident does put a spotlight on the importance of two key issues. The user was running the Electrum software from the last time they accessed their BTC, in 2017. Electrum has since issued security updates that this user had not yet installed.

Before they could move their Bitcoin, they were prompted to update and patch potentially critical issues. But when they did, the software contacted the hacker’s server using an exploit that the real security update would likely have prevented. The 1,400 BTC was immediately emptied from the wallet and into the hacker’s – a somber reminder to always keep software up to date.

Because Electrum is a “light client,” software engineer Ben Kaufman explains in a deeper Twitter thread on the subject, the software must connect to a public server before it is then connected to the blockchain.

It’s this trusted third party, acting as a middleman, that gave hackers the opening to exploit the process – the other key reminder being never to trust third parties with your private keys.

This unfortunate user likely can’t get their funds back, but others have been luckier. Those who experience this issue and act fast enough can potentially “double-spend” over the transaction if the hacker used a low enough fee. For everyone else, let this be a reminder to keep your software up to date and to rely on cold storage methods whenever possible.

The Electrum hack made plenty of headlines in early 2019

The Electrum hack made plenty of headlines in early 2019, when bad actors launched an army of botnets to target the wallet’s network. The bad actors successfully performed a Sybil attack by crowding out legitimate servers with malicious ones.

At one point, nearly 71% of all nodes were controlled by the attackers, with users receiving fake error messages that required downloading malware-infected wallet software camouflaged as a security update.

According to Malwarebytes Labs, the hackers were able to steal seed data and upload it to a remote server:

“In addition to the theft of wallet data, any balance present in the wallet is sent to one of several pre-programmed public addresses under the control of the attackers. The destination address chosen is dependent on the address format utilized by the infected users’ Electrum wallet.”

In an upgraded version of their software, the attackers even went as far as disabling Replace-by-Fee (RBF) transactions, which can be reversed before miners confirm a block.

Back then, Electrum developer Thomas Voegtlin urged all users to update their software, but it appears that not everyone paid heed to his words.

All versions of the wallet that are older than 3.3.4 are vulnerable to such phishing attacks.

“Electrum wallet users need to update the software to the latest version (3.3.4) from the official repository and be particularly careful with the update or other warning messages that could be disguised phishing attempts.”
