A hack targeting cryptocurrency wallet Electrum is being reported with a malicious party coming away with almost 250 Bitcoin (BTC) worth at an estimated $937,000.
Subsequently confirmed by Electrum itself, the attack consists of creating a fake version of the wallet that fools users into providing password information.
When a user would log into their wallet and try to send BTC to an address, they would receive an ‘official looking’ message claiming that they had to update to the latest version of their Electrum Wallet, followed by a GitHub link.
However, at the moment the threat has not yet been completely excluded. Users also claim that it is not possible to download the wallet from the official Electrum website. Presumably, the website is under a DDoS attack, the hacker could have affected the central server of Electrum.
This specific attack purportedly began on December 21st but was recently ended (maybe only temporarily) by GitHub admins, who purged the malicious download files.
Meanwhile, the Electrum Devs are urging users not to download any update from a source apart from the official website. Responding to the attacks, the project team updated the wallet app with a new upgrade that prevents the rendering of rich HTML text.