I typically just stick to content related to web design and search engine optimization on this blog. But from time to time I will post an article about scams that are taking place in the virtual world. Today is an especially unique blog for me in that it will be the first time that I discuss cryptocurrency on this platform.
As you probably know by now, cryptocurrency is basically internet money. People use it by sending it to one another at which point they can exchange it for the fiat currency of their choice. It uses a technology called blockchain to complete the transaction.
The purpose of this blog is not to delve too deeply into the blockchain or cryptocurrency but instead to warn of a scam that is affecting people using the crypto-wallet called Electrum. It should be noted that crypto scams in general cost crytpocurrency owners $1B in 2018. But, this scam is particularly effective because it comes directly from the server in which you are connected and at the exact time you are using your wallet.
Apparently hackers were able to compromise some of Electrum’s servers and insert a malicious program. When you contact this server with your Electrum wallet while trying to send BTC, it sends you as notice that your wallet is outdated and that you need to download the new version. It then provides you with a very legitimate looking url to do so. “myelectrumwallet.info” (There have been variations of this url).
After this spoof program is downloaded, the program will ask for your log in credentials. Once you enter them you have been compromised. The hacker now has access to your funds. And the unregulated nature of crytpocurrency allows many scammers to get away with this sort of thing.
This scam in particular has been successful and very costly to its victims. Back in December one Electrum user lost nearly $1M to this scam. Can you imagine?
So what can you do?
- Make sure you have the latest version of your wallet software. Electrum has newer versions of its software that are not vulnerable to this attack.
- Make sure you are running a good anti-virus program. Many times these programs will catch these downloads as a threat.
- Anytime you are prompted for your user and password, sit back and analyze the situation. Trace your steps. Does something seem fishy? Do some Google searches.
- Never trust any domain name that isn’t the real domain name of the company you are using. In this case “Electrum.org“.
Lead Developer at Olympus Web. I started this company in 2002. I specialize in Search Engine Optimization and building websites for small businesses.