The team behind popular Bitcoin wallet service Electrum says it’s identified rogue lines of code on a bogus copycat called “Electrum Pro” that steal Bitcoin.
The new “Electrum Pro” has been operating under a deceptive “.com” domain instead of “.org”. It deceives wallet users by distributing fake Electrum binaries that extract a user’s seed words and private keys and then send them to a remote server.
This is not the first time Electrum’s website has been spoofed, but previous attempts were more obvious because the cloned websites used low-level tactics to trick users (i.e. swapping two letters of the URL). The recent scheme is more elaborate.
According to Electrum,
“The scammers have managed to take control of the dot com domain, and they have developed a website with a slightly different design and logo. The authors have been claiming that they are developing a legitimate fork of the Electrum project, and that they are trying to improve user experience. The owners of ‘electrum dot com’ went as far as to claim that they are ‘currently undergoing a public security audit which will be released soon’.”
Electrum has posted a security notice on its website stating that the wallet vulnerability has been patched in version 3.0.5. Users are urged to update the software if they are running an earlier version of Electrum. The malware affects OS X and Windows versions of “Electrum Pro” only.
Electrum has detailed how to decompile the Electrum Pro Windows binaries here.
This recent hack is another reminder that the crypto community needs to stay informed and vigilant.