Electrum, a popular bitcoin wallet, has suffered a denial-of-service attack. The company announced the attack on Twitter, assuring its users that its developers were working on a “more robust version of the Electrum server.” It also advised its users to disable auto-connect and select their servers manually.
The source of the attack was an extremely powerful botnet. The botnet pooled together the power of 140,000 machines, making it difficult to bring down. It directs unsuspecting users to a version of the Electrum software that the hackers have compromised, stealing their BTC.
According to a report by The Next Web, the attack has focused almost exclusively on users who are using old versions of the software. Currently, the wallet doesn’t have an auto-update option. Therefore, users have to update their software manually.
Speaking to the publication, the wallet’s lead developer Thomas Voegtlin explained:
“Indeed, updated versions are not at risk, but the service might be temporarily unavailable. If that is the case, we recommend to users that they stick to the same server (disable auto-connect), until they eventually manage to open a session.”
As with any other DoS attack, the botnet is directing massive traffic to Electrum servers, causing crashes. The hackers then direct users to fake servers that they operate. There, the malicious server urges the user to update the client with a hacked version. Once the user installs the hacked version, the user loses all the funds in the older version.
Electrum developers are working to resolve the attack, Voegtlin said. However, he warned users that they could face service interruptions as they work on mitigating the damage that the intense traffic had caused.
A Retaliation Attack
One security researcher told the publication:
“The total amount stolen is in the millions of dollars so far, with a single person alone losing almost $140,000, based on our analysis. The DoS attacks are a new level, which only began about a week ago. People have seen 25 Gigabits per second worth of traffic being flooded at community run servers.”
While the motives behind the attacks are unclear, Voegtlin believes they are a retaliation attack. Electrum previously suffered a phishing scam by a Trojan known as Electrum Stealer. The Electrum developers modified some servers to increase protection against such an attack. This is the loophole that the attackers have exploited.
Voegtlin told the outlet, “We are not sure what motivates the attacker. It might be some kind of retaliation after we took steps last month in order to prevent phishing attacks. This counter-attack has been effective against phishing because it does not require a lot of legit servers. If you randomly connect to 10 servers, the chance that at least one of them is performing the counter-attack is very high.”
He also advised Electrum users to only download Electrum software from the Electrum.org website. They can also use the wallet's official GitHub repository. This is the only way they can protect themselves from the attack, he said.