Posted on

Electrum Will Support Bitcoin Lightning Network, Wallet’s Creator Reveals

Thomas Voegtlin revealed the feature will come in an impending update at the ongoing BIP001 conference in Ukraine.

Bitcoin (BTC) wallet Electrum will soon host support for the Lightning Network (LN), Russian cryptocurrency news outlet Forklog reported on Telegram July 5.

In a social media update, the publication said founder Thomas Voegtlin had revealed the upcoming release at the ongoing BIP001 conference in Odessa, Ukraine

Electrum, one of the oldest bitcoin wallets on the market since 2011, said LN functionality would come as part of an impending major upgrade.

The most recent version of the wallet came earlier this week.

Electrum will be one of the first major wallets to bring LN to the mainstream, the technology itself still remaining in an experimental phase. 

A so-called ‘off-chain’ scaling mechanism, Lightning allows users to send each other bitcoin almost instantaneously, paying hardly any transaction fee. 

The technology gained considerable publicity in 2019 thanks to promotional soundbites by the likes of Twitter CEO Jack Dorsey, but is still broadly too technical for the average user.

Various products have emerged attempting to simplify the user experience, while Lightning developers themselves frequently release improvements of their own. 

Last month, crypto payments startup Bitrefill rolled out LN features on behalf of U.S. wallet provider Coinbase.

Posted on

‘Free Bitcoin’ Scam Propagated on YouTube Steals Crypto via Clipboard Hijacking

A trojan is being propagated on YouTube via fraudulent videos about an allegedly free bitcoin generator which attempts to steal crypto and personal data.

The Qulab information-stealing and clipboard hijacker trojan is being propagated on YouTube via fraudulent videos about an allegedly free bitcoin (BTC) generator, BleepingComputer reports on May 29.

According to the report, security researcher Frost reached out to BleepingComputer about the trojan scam, saying that YouTube would take down the fraudulent videos when reported, but new accounts and videos would subsequently pop up with the same MO.

The videos reportedly describe a tool that lets users earn free bitcoin, with a link in the video description. The links then direct to a download for the alleged tool, which is the Qulab trojan. After downloading, the trojan actually needs to be installed in order for it to be deployed.

In addition to attempting to steal a plethora of user information, the Qulab trojan will also reportedly attempt to sneakily steal cryptocurrency for the bad actor by scanning for strings copied to the Windows clipboard which the program recognizes as crypto addresses, and then substituting in the attacker’s address instead.

If a user pastes that string into a website field to specify where their funds are spent, they will paste in the attacker’s string instead and direct the funds there.

The warning indicates that this is a viable strategy, since users are reportedly unlikely to remember or visually register that their intended crypto address — a long string of characters — has been swapped out for a different one.

According to a report by Fumko, there is a long list of crypto addresses the trojan can recognize, including ones for bitcoin, bitcoin cash, cardano, ether, litecoin, monero, and more.

As previously reported by Cointelegraph, YouTube purportedly advertised malware disguised as an advertisement for bitcoin wallet Electrum in March. Reddit user mrsxeplatypus described the scam, predicated on URL hijacking, as follows:

“The malicious advertisement is disguised to look like a real Electrum advertisement […] It even tells you to go to the correct link (electrum.org) in the video but when you click on the advertisement it immediately starts downloading the malicious EXE file. As you can see in the image, the URL it sent me to is elecktrum.org, not electrum.org.”

Posted on

YouTube Reportedly Runs Malicious Ad for Bitcoin Wallet Electrum by Accident

Google-owned video-sharing platform YouTube reportedly ran a malicious ad for the Electrum Bitcoin wallet by mistake.

Video-sharing platform YouTube purportedly ran a malicious advertisement for Bitcoin (BTC) wallet Electrum by mistake, according to a Reddit post published on March 26.

Viewers interested in the advertisement were redirected to a malicious link using a common scamming method called typosquatting or URL hijacking. In the Reddit post, a user named mrsxeplatypus warned the public about the promotion of a malware version of Electrum, and described how the scam ad worked:

“The malicious advertisement is disguised to look like a real Electrum advertisement […] It even tells you to go to the correct link (electrum.org) in the video but when you click on the advertisement it immediately starts downloading the malicious EXE file. As you can see in the image, the URL it sent me to is elecktrum.org, not electrum.org.”

Technology-focused news site The Next Web reported that Google, which owns YouTube, has since taken appropriate actions against the advertisement.

In February, users of cryptocurrency wallets Electrum and MyEtherWallet reported that they were facing phishing attacks. One user on Reddit found that a phishing scam attempting to steal sensitive data from Electrum customers was posing as a security update.

Redditor exa61 then posted a picture of a system message, allegedly from Electrum wallet, requiring a security update to Electrum 4.0.0, while the latest version of the wallet was Electrum 3.3.3 at the time.

Earlier in March, a Google Chrome browser extension dubbed NoCoin tricked users into participating in a fake airdrop from cryptocurrency exchange Huobi, claiming over 230 victims. Hackers had purposely disguised the malicious extension to look like a tool protecting users from cryptocurrency malware or so-called cryptojacking.

Posted on

Bitcoin Electrum Wallet Attacked: Hacker Steals 200 BTC

Nearly $1M In Bitcoin (BTC) Stolen

An anonymous hacker (or consortium of hackers) have purportedly stolen nearly $1 million worth of Bitcoin (BTC), reports technology media outlet ZDNet. Per the report, the Electrum Wallet, a popular open-source project founded in mid-June 2011, was breached in a “clever attack.”

The attack, which has since been confirmed by the team behind the venture, purportedly consisted of a false message appearing on users’ official Electrum-based applications, which beckoned consumers to visit a site.

If the link stipulated was clicked, it would lead victims to a seeming Electrum-branded GitHub repository, which contained a malicious version of Electrum that would steal consumers’ Bitcoin holdings.

This specific attack purportedly began on December 21st but was recently ended (maybe only temporarily) by GitHub admins, who purged the malicious download files. But how exactly did the attack work?

Well, as explained by ZDNet, the hacker purportedly added dozens of “malicious servers” to the Electrum network, so when a user intends to make a transaction, the hacker-backed server replies with an error message that asks users to visit the false GitHub. When downloaded, the app would request for users to input a 2FA code, which was routed to the attacker, subsequently allowing BTC to be snatched.

Electrum admins have purportedly since disallowed the message from being mostly legible, so this medium of attack is likely breathing its last breaths. Yet, the fact of the matter is that in the end, the hackers netted 200+ BTC, approximately valued at ~$740,000 at the time of writing. Other reports indicate that the attack garnered 250+ BTC for hackers, but these numbers haven’t been confirmed.

Not The First Attack On Electrum

Interestingly, this isn’t the first time that the popular wallet solution has been attacked by bad actors. Earlier this year, in early-May, the Bleeping Computer reported that the Electrum team had seen an unnamed individual/group create a copycat of their flagship product, naming it “Electrum Pro.”

The app, which closely resembled its bonafide counterpart, was exposed as a vector of attack that malicious individuals can exploit, stealing Bitcoin private keys in the process.

In a post-mortem of the attack (of sorts), which went on for upwards of two months, it was explained that there were a number of glaring red flags. Electrum Pro purportedly used Electrum’s brand and logo without permission, while also purchasing the rights for the Electrum.com domain, which was near-identical to the legitimate group’s .org domain name.

Following analysis, it was also revealed that in Pro’s code, specifically lines 223-248 of electrumpro_keystore.py, a system was integrated that allowed attackers to upload users’ keys for nefarious purposes. While the Electrum Pro attack has since been dismantled, the two aforementioned cases show how hackers are still poised to attack the cryptosphere, even amid a bear market.

Title Image Courtesy of Luca Bravo on Unsplash

The post Bitcoin Electrum Wallet Attacked: Hacker Steals 200 BTC appeared first on Ethereum World News.

Posted on

Phishing Attack on Electrum Wallet Nets Hacker Almost $1 Million in Hours, Report

Phishing attack on crypto wallet Electrum has claimed multiple victims and allows the perpetrator to empty Bitcoin wallets.

A reportedly ongoing hack against cryptocurrency wallet Electrum has seen a malicious party steal almost 250 Bitcoin (BTC) (about $937,000), commentators reported on social media Dec. 27.

Subsequently confirmed by Electrum itself, the attack consists of creating a fake version of the wallet that fools users into providing password information.

“The hacker setup a whole bunch of malicious servers,” Reddit user u/normal_rc explained:

“If someone’s Electrum Wallet connected to one of those servers, and tried to send a BTC transaction, they would see an official-looking message telling them to update their Electrum Wallet, along with a scam URL.”

Affected users report trying and failing to log in to their wallets after providing their two-factor authentication code — something Electrum does not in fact request during login. The hackers then empty the wallet balance.

“[W]hen I logged on it immediately asked me for my 2 factor code which I thought was a little strange as well as Electrum usually only asks for that when you attempt to send,” one victim continued in another Reddit post, adding:

“I kept trying to send and kept getting an error code ‘max fee exceeded no more than 50 sat/B [satoshis per byte]’ I then restored my wallet on a separate pc and found that my balance had been transferred out in full[.]”

According to u/normal_rc, several addresses are feeding into one main holding address, which currently contains 243 BTC.

Electrum posted about the incident on Twitter today, stating “[t]here is an ongoing phishing attack against Electrum users” and implored users to check the validity of the resource they were logging into.

“Our official website is https://electrum.org[.] Do not download Electrum from any other source,” the tweet continued.

Wallet hacks are less frequent than those afflicting online exchanges, several of which — most notoriously Japan’s Coincheck — have lost users hundreds of millions of dollars in 2018.

Posted on

South Africa Pick n Pay Online Retailer to Accept Bitcoin

In what is called one of the largest wins for Bitcoin in the country, the Pick n Pay in Cape Town will accept the cryptocurrency for payments starting today. 

The payment system is being powered by Electrum, a software platform created to process payments in different currencies. Jason Peisl, IS executive at Pick n Pay, said:

“At Pick n Pay one of our key values is to embrace change and encourage innovation and leadership. Cryptocurrency and Bitcoin are still relatively new payment concepts, yet we have been able to effectively demonstrate how we are able to accept such alternative payments.”

Widening Acceptance

As the growth in payment methodologies continues, the overall currency value of Bitcoin continues to grow as well. This is a critical aspect of increasing mainstream acceptance, and increasing liquidity as well. 

Liquidity and mainstream acceptance produce greater levels of awareness, and therefore greater levels of use. This process has been referred to as a ‘virtuous satoshi cycle.’  Despite substantial negative news, acceptance appears to be growing for Bitcoin.