As per the tech news web-site ‘The Next Web’, the recent attack has caused users to lose estimatedly millions of dollars thus so far, with one person alone reportedly losing around $140,000 USD.
The ongoing DoS attack was allegedly launched by a malicious botnet of over a 140,000 machines, and aims to steal users’ Bitcoin by referring them to faux versions of the Electrum software version. Citing an anonymous security investigator, the article added that the recent DoS attack is deployed on a very higher level and was launched just a week ago.
As per The Next Web, the attackers have even enforced their own Electrum servers hosting alleged Electrum versions so as to realize the hack. When users synchronize their vulnerable [Electrum wallet] with a malicious server, they’re then redirected to “update” their client with a hacked version, that eventually ends up in a direct loss of funds that were contained within the previous versions, the report adds.
The lead Electrum developer named ‘Thomas Voegtlin,’ reportedly stated that the firm expects to resolve the matter within the upcoming hours or days. He stressed that users that are at the very best risk are those that download [Electrum] a long time ago and since haven’t updated the software since then.
Accordingly, Electrum’s ‘web-site‘ adds that the software versions prior to v3.3 can no longer connect with public servers and thereby must be upgraded, that could be a measure to stop user exposure to phishing messages. The web-site conjointly urges users to not download and install Electrum wallet software from any other source rather than [electrum.org].
Within the recent announcement on Twitter, Electrum outlined its users to disable the auto-connect feature options and choose their server manually, while the company is still working-out on a more robust version of the Electrum server so as to deal with this problem.
Earlier in Dec. last year, Electrum faced a similar ‘attack‘ that led to a loss of around $937,000 USD worth in Bitcoins [BTC]. This attack consisted of making a ‘faux version‘ of the wallet that tricks users into providing personal credentials.
Recently, YouTube was also ‘reported‘ to mistakenly run a malicious ad for the Electrum wallet, that once again contained a malware version of the software.
Just earlier this week, the WEF [World Economic Forum] ‘published‘ a blockchain cybersecurity report claiming that the majority of data breaches are caused by the scarcity of enforced security measures.