The piggy Bank of hackers who have been exploiting the vulnerability of the Electrum bitcoin wallet for many months has been replenished with another $32,000.
According to the Whale Alert service, on November 13, another transfer of 2,042 BTC was received to one of the hackers ' confirmed addresses. According to data from the cryptocurrency blockchain, the specified address has been used since mid-2019. During this time, more than 106 BTC worth $1.7 million were transferred to it at the current exchange rate.
In mid-October, damage from the Electrum vulnerability was estimated at more than $22 million. Attackers have been exploiting it since at least December 2018. In August, one user reported that he lost 1,400 BTC, or about $16 million at the exchange rate at that time and over $22 million now, by downloading a vulnerable version of the wallet.
To process transactions, Electrum connects to the bitcoin blockchain through its own network of user-supported servers. Attackers use this feature of Electrum to launch malicious servers in anticipation of unsuspecting users accidentally connecting to them. After that, they display a message on the screen of the cryptocurrency holder that they need to click on the specified link to update the wallet.
After downloading the wallet from this link, the user installs a modified version of Electrum on their computer. At the first launch, the wallet asks you to enter a one-time password. It is enough to steal bitcoins from the victim. Since the problem was discovered, Electrum developers have taken several measures to protect users, but it is still contained in older versions of the wallet.