Phisher Uses Electrum Wallet To Push Fake Software Update

A major vulnerability has been exposed in Electrum, a leading Bitcoin wallet with several forks that are compatible with other cryptocurrencies. This is the second Electrum bug in a single year, and the crypto community is now debating the merits of the wallet. How can the phishing attack be avoided, and is the Electrum wallet still secure?

How the Attack Works

An issue posted to Electrum’s GitHub page explains the nature of the bug. Essentially, many Electrum users connect to a remote node when they use their wallet. Anyone who hosts one of these remote nodes is able to send an error message and disguise it as an update notification. This message urges users to install a new version of Electrum.

The wallet repository linked in the message looks extremely authentic, but it is in fact fake. Although the repository has since been flagged and deleted, it is possible that another fake wallet could emerge elsewhere, allowing the phishing campaign to persist.

So far, Electrum’s developers have only mitigated the problem: the current fix removes the capacity for error messages to contain rich text and hyperlinks. This means that it will be harder for phishers to convince users to follow an unsafe link. This is merely a temporary patch; a more thorough solution will be introduced in the future.
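The mitigation described above amounts to treating server-supplied error text as untrusted input. The following is an added illustration of that idea, not Electrum's own code; the function names, the `MAX_LEN` cap and the sample message are assumptions made for the example.

```python
import html
import re
import unicodedata

MAX_LEN = 200  # assumed display cap, not a value from the article
TAG_RE = re.compile(r"<[^>]*>")
URL_RE = re.compile(r"(?i)\b(?:https?://|www\.)\S+")

# Constructed sample of a server "error" dressed up as an update notice.
SAMPLE = ('<b>Security update required.</b><br>Download from '
          '<a href="https://wallet-update.example/release">'
          'https://wallet-update.example/release</a>')


def sanitize_server_message(raw: str) -> str:
    """Reduce untrusted server-supplied text to inert, single-line plain text."""
    text = html.unescape(raw)        # decode entities so encoded tags are caught too
    text = TAG_RE.sub(" ", text)     # drop markup, keep the visible words
    # Control and format characters (newlines, bidi overrides) become spaces.
    text = "".join(" " if unicodedata.category(c)[0] == "C" else c for c in text)
    text = URL_RE.sub("[link removed]", text)
    text = " ".join(text.split())
    if len(text) > MAX_LEN:
        text = text[:MAX_LEN] + "..."
    return text


def render_error(raw: str) -> str:
    """Label the text as unverified and escape it for a rich-text capable widget."""
    return ("Server error (unverified server text): "
            + html.escape(sanitize_server_message(raw)))


if __name__ == "__main__":
    print(render_error(SAMPLE))
```

The final `html.escape` matters even after tag stripping: any stray `<` that survives is shown literally instead of being interpreted by the display widget.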

The Problem With Phishing

Crypto wallets are a popular target for phishers. Nearly identical wallets can be built easily, allowing phishers to steal private keys from those who download the fake software. Once a fake wallet has been created, a phisher only needs to distribute it — usually through app stores, GitHub, or a custom website. Sometimes the fake wallet will be publicized on social media as well.

Several prominent wallets have been targeted this way: MyEtherWallet, MetaMask, OWallet, Jaxx, and many others have all been targeted by phishers over the past year. However, these phishing campaigns were carried out on third-party platforms and communication channels, while Electrum’s phishing campaign was carried out through the wallet itself.

The fact that Electrum allows node operators to send any message they want is a major security oversight, to say the least. But despite this problem, the community is locked in a debate: are users to blame for their lack of vigilance, or are Electrum developers to blame for overlooking a security hole?

There is no easy answer, since any communication channel can potentially be used to orchestrate a phishing campaign — although messages that come directly from a wallet are, naturally, more dangerous. Regardless, the way that you can avoid phishing is always the same: ensure that you are downloading your wallet from the correct source.
