Electrum Bitcoin wallet users should ensure that they’re using the latest version and that it’s from an official source. If users find themselves urged to “update” by the client, they should know that there is no update mechanism within Electrum itself. This urging comes as the popular crypto wallet faces a massive DoS attack designed to trick users into installing Bitcoin-stealing malware.
Currently, a massive attack targets the hundreds of servers that service Electrum wallets. Previous attacks have netted hundreds of bitcoins.
Electrum is an SPV wallet, meaning that the user doesn’t need to have the entire Bitcoin database on their computer to use Bitcoin. They can quickly install Electrum, generate a wallet, and begin using Bitcoin (or Bitcoin Cash, Bitcoin SV, Litecoin, and even Dogecoin, all of which also have Electrum forks developed by third parties).
The attack is reportedly sending 25 gigabytes per second at various Electrum servers, to make them inaccessible. In this way, Electrum wallets – especially older ones – are more likely to connect to the malicious servers. Thomas Voegtlin, who created Electrum and still maintains it, told The Next Web that users of older versions are most at risk.
“Indeed, updated versions are not at risk, but the service might be temporarily unavailable. If that is the case, we recommend to users that they stick to the same server (disable auto-connect), until they eventually manage to open a session.”
Recently, Electrum launched a two-prong counter-attack on the consistent phishing and malware attacks against Electrum users.
For one thing, they submitted a list of fake domains to Google, who will prevent users from visiting it in the Chrome browser.
For another, they force unpatched, older versions of Electrum offline once they connect to a “legitimate” server. This urges the user to investigate the matter.
However, a messaging system within the Electrum protocol enables malicious servers to send a note that “updates” are required. If users install the forked version of the client and allow it access to their existing wallets, they will inevitably lose funds.
An unidentified security researcher reports that millions have already been stolen this way. Electrum attacks have gone on for years. However, when used correctly, Electrum is every bit as secure as any other crypto wallet. Protecting your private keys, using strong passwords, and keeping the software up to date is critical when dealing with cryptocurrencies.
Voegtlin and researchers believe that the denial-of-service attack may be a response to efforts which have thwarted their attacks. Voegtlin says that in current circumstances, assuming most people are using the latest official version of Electrum, attackers need more than just a connection. They also need compromised client software. The idea is to get people to install that client by falsely notifying them that they need an “update.” The effectiveness of this attack so far is stunning, but hopefully getting enough noise around the issue will encourage users to act more cautiously. Voegtlin says:
“Of course the attacker might be trying to take down legit servers in order to keep carrying out their phishing attack, but […] they do not simply need the user to connect to their server. What they need is a vulnerable client to connect exclusively to their servers, and that is a lot less likely.”
The official website of electrum is electrum.org. Any other site, unless it is explicitly for a fork of Electrum for another blockchain (such as Electrum Cash), is both non-official and potentially dangerous. If you’ve already updated your Electrum wallet to the latest version, you are encouraged to disable the “auto-connect” feature, by which the malicious servers could connect with you. A list of semi-reliable servers is available here. It may take some time, as the servers are under continual attack, but you should eventually get going with minor inconvenience.
It should be noted that forks of Electrum, such as Electrum Cash and Electrum SV, will invariably be vulnerable to the same attack vectors for some time. As such, it’s essential to use the same practices with these clients as well: connect to known non-compromised nodes and wait for a good connection if necessary.
Last modified: May 20, 2020 4:59 AM UTC