While the attacks seem to have come to a halt, Electrum Devs say the hackers can launch new exploits since the issue hasn’t been permanently fixed.
Electrum is a Bitcoin wallet which doesn’t require the user to download the full blockchain. Instead, servers remotely provide users with the blockchain and they access it through their wallet. It is one of the most popular Bitcoin wallet implementations and forks of it for both versions of Bitcoin Cash as well as Litecoin, Dogecoin, and Dash have been created over the years.
The method used to cause the damage
The hackers added the affected servers to the Electrum wallet network. Later, when any user tried to perform a Bitcoin transaction, it would reach one of these illegal servers which would then send a message to the user within the wallet application prompting them to download and install an update. Those innocent users who followed the instructions were directed to the hacker’s GitHub page.
The news of the attack first appeared on GitHub via one of Electrum’s developers code-named SomberNight.
The resulting download was actually malware disguised as a new version of the Electrum wallet. The installed malware then prompted users to enter their two-factor authentication codes. This allowed the attackers to then use the authentication codes and steal bitcoin by transferring funds to their own bitcoin address.
After this attack, Electrum has temporarily modified its software and released an update with effect to the modification done. It said that “This is not a true fix, but the more proper fix of using error codes would entail upgrading the whole federated server ecosystem out there…”
