Anti-malware software firm Malwarebytes reports that Bitcoin (BTC) losses from attacks on cryptocurrency wallet Electrum now tally $4.6 million.
The cyberattacks started in December 2018, when users were tricked into downloading malware disguised as software updates.
According to Malwarebytes,
“Initially, victims were being tricked to download a fraudulent update that stole their cryptocurrencies. Later on, the threat actors launched a series of Distributed Denial of Service (DDoS) attacks in response to Electrum developers trying to protect their users.”
“While these DDoS attacks have not been publicized much by mainstream media, they have undoubtedly caused millions of dollars in losses over the span of just a few months.”
Electrum is a popular Bitcoin wallet that was released in 2011. Aware of the vulnerabilities, the Electrum team urged users in March to upgrade their wallets, among other measures, and issued several warnings across the web.
Electrum clients older than 3.3 can no longer connect to public electrum servers. We started exploiting a DOS vulnerability in those clients, in order to force their users to upgrade, and to prevent exposure to phishing messages. Linux Tail users should download our Appimage.
— Electrum (@ElectrumWallet) March 15, 2019
Over 25k IP addresses are involved in DDoS against Electrum servers. They can be blacklisted by server operators, following these instructions: https://t.co/lEA8lg2X4B
— Electrum (@ElectrumWallet) April 10, 2019
“The number of victims that are part of this botnet is constantly changing. We believe as some machines get cleaned up, new ones are getting infected and joining the others to perform DoS attacks. Malwarebytes detects and removes ElectrumDoSMiner infections on more than 2,000 endpoints daily.”
In a separate incident, Motherboard reports that a hacker breached the email accounts of Microsoft users by fooling a customer support employee at Microsoft Outlook.
The hacker was able to use log-in information to access various non-corporate Outlook, Hotmail and MSN accounts. As a result of the breach, one user claims to have lost “25,000” in crypto in an unspecified denomination.
Microsoft confirmed to TechCrunch that only a limited number of users were affected. A Microsoft spokesman says,
“We addressed this scheme, which affected a limited subset of consumer accounts, by disabling the compromised credentials and blocking the perpetrators’ access.”
After the breach, the company alerted its users, suggesting that people reset their passwords.
According to a report by blockchain forensics and cryptocurrency intelligence company CipherTrace, cryptocurrency schemes and hacks are on the rise. The uptick has pushed losses to $1.2 billion for the first quarter of 2019, compared to $1.7 billion in losses for all of last year.
The 2019 Q1 figure includes $134 million in “exit scam” losses sustained by users of Canadian crypto exchange QuadrigaCX. Operators of the exchange say they can’t retrieve their customers’ funds because only one man, the company’s founder, knew the private keys that are required to access the crypto holdings. He died suddenly in December 2018.
The vast majority of the losses, $850 million, is attributed to iFinex, operator of crypto exchange Bitfinex and stablecoin Tether, which is accused of engaging in fraudulent activities amid a massive cover-up.