The user may have fallen victim to a so-called “Sybil attack”, in which he was made to connect to a server controlled by the hacker.
A user of the Electrum bitcoin wallet lost 1,400 BTC ($16.4 million at the current exchange rate) after installing an old version of the software. The investor, writing under the pseudonym 1400BitcoinStolen, described the incident in a post on GitHub.
According to him, he acquired the cryptocurrency in 2017 and had not accessed the wallet since. When he decided to transfer part of the funds, he ran into a problem – the wallet would not let him carry out the transaction and demanded that the software be updated to the current version for security reasons. Once the update was installed, the wallet itself initiated a transfer of all the user’s funds to an address belonging to the hacker.
The head of the blockchain company Blockstream, Adam Back, suggested that both the notification and the update itself came from a malicious server to which the user accidentally connected. Back may be right – perhaps 1400BitcoinStolen was the victim of a so-called “Sybil attack”. Early versions of Electrum were vulnerable to it.
A Sybil attack is a type of attack on a peer-to-peer network in which the victim connects to nodes controlled by the attackers. Electrum users have already fallen victim to a similar attack: in April 2019, the wallet’s servers were subjected to a massive DDoS attack, the purpose of which was to redirect users to the attackers’ servers.
Users who connected to the fake servers were offered software updates – this is how the malware was spread. During this attack, users lost about $4.6 million.
The vulnerability exploited at the time was fixed by the developers, but it remained in older versions of the software.
The hackers have already started splitting the stolen cryptocurrency into smaller amounts in order to launder it and withdraw the money later. The head of the Binance cryptocurrency exchange, Changpeng Zhao, said his company had already blacklisted addresses related to the attack.
The deceived investor, for his part, turned to the Confirm analytical company with a request to track down the stolen cryptocurrency. At the time of publication, he was awaiting a response.