New Attack Against Electrum Bitcoin Wallets

This is clever:

How the attack works:

  • Attacker added tens of malicious servers to the Electrum wallet network.
  • Users of legitimate Electrum wallets initiate a Bitcoin transaction.
  • If the transaction reaches one of the malicious servers, these servers reply with an error message that urges users to download a wallet app update from a malicious website (GitHub repo).
  • User clicks the link and downloads the malicious update.
  • When the user opens the malicious Electrum wallet, the app asks the user for a two-factor authentication (2FA) code. This is a red flag, as these 2FA codes are only requested before sending funds, and not at wallet startup.
  • The malicious Electrum wallet uses the 2FA code to steal the user’s funds and transfer them to the attacker’s Bitcoin addresses.

The problem here is that Electrum servers are allowed to trigger popups with custom text inside users’ wallets.
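One way a wallet client can close this gap, as an added example that is not Electrum's code: server error text is treated as untrusted input, the popup shows only wording shipped with the client, and the server's text is reduced to inert plain text for the log. The reply format, `KNOWN_REASONS` and all function names are assumptions made for the illustration.

```python
import html
import json
import re

# Constructed sample: a JSON-RPC style error reply of the kind a hostile
# server could send back for a broadcast request. The URL is a placeholder.
SAMPLE_REPLY = json.dumps({
    "jsonrpc": "2.0",
    "id": 7,
    "error": {
        "code": 1,
        "message": "<b>Security update required.</b> Download the new "
                   "version from <a href='https://update.example.invalid/'>"
                   "https://update.example.invalid/</a>",
    },
})

TAG_RE = re.compile(r"<[^>]*>")
URL_RE = re.compile(r"(?i)\b(?:https?://|www\.)\S+")
GENERIC = "The server rejected the transaction."

# Locally written wording, chosen by substring match on the server's reason.
# These keys are illustrative assumptions, not taken from any wallet's code.
KNOWN_REASONS = {
    "min relay fee not met": "The transaction fee is too low to be relayed.",
    "dust": "An output is too small to be relayed.",
}


def naive_popup_text(reply: str) -> str:
    """Weak form: whatever the server wrote is shown, markup and links included."""
    return json.loads(reply)["error"]["message"]


def server_detail(reply: str, max_len: int = 120) -> str:
    """Reduce the server's text to short inert plain text, for the log only."""
    try:
        err = json.loads(reply)["error"]
        raw = err["message"] if isinstance(err, dict) else err
    except (ValueError, KeyError, TypeError):
        return ""
    if not isinstance(raw, str):
        return ""
    text = TAG_RE.sub(" ", html.unescape(raw))      # drop markup
    text = URL_RE.sub("[link removed]", text)       # drop anything clickable
    text = " ".join(text.split())                   # collapse whitespace
    return "".join(c for c in text if c.isprintable())[:max_len]


def popup_text(reply: str) -> str:
    """Hardened form: the popup only ever shows text shipped with the client."""
    detail = server_detail(reply).lower()
    for needle, local_wording in KNOWN_REASONS.items():
        if needle in detail:
            return local_wording
    return GENERIC


if __name__ == "__main__":
    print("naive :", naive_popup_text(SAMPLE_REPLY))
    print("popup :", popup_text(SAMPLE_REPLY))
    print("log   :", server_detail(SAMPLE_REPLY))
```

Even with markup and links stripped, the server's wording can still carry the lure, which is why the popup draws only on local strings and the cleaned text goes to the log.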

Posted on January 7, 2019 at 6:13 AM • 26 Comments


JO January 7, 2019 7:06 AM

What’s interesting is the additional servers showing up were noticed ahead of time, and a lot of speculation on why they had spun up and whether they were planning on doing anything malicious occurred for a week or two before the actual attack. Most people seemed to think that they were just there to try and collect data to de-anonymize transactions and holdings. So even though the attack was seen coming, nobody knew exactly what it was going to do.

Clive Robinson January 7, 2019 10:34 AM

Whilst $750,000 sounds a lot it’s peanuts and will be traceable[1] if they try to use the Bitcoin in any way.

Thus why did the attackers go to both the trouble and the expense?

It suggests that the attack was not actually to get bitcoin for financial gain, but to look like it is. That is, the real intent is highlighting the fact that both the Electrum wallet network and the Electrum wallet design have deficiencies.

The question then becomes “Who gains from discrediting the Electrum system?”

But of course the real question is,

    As all software is pretty much guaranteed to have bugs that can be turned into attack vectors who knowing this would be daft enough to use such systems for storing real value without having an effective insurance in place?

[1] See the work of Ross J. Anderson and others at the UK’s Cambridge University Computer Labs for how this can be done,

Phaete January 7, 2019 10:52 AM

While you can indeed track Bitcoin within its own system, it gets very hard, even impossible, if the coins are converted to other cryptocurrency.
Monero and Zcash for instance are very hard to track.
If you are willing to only take cents on the dollar, you actually can get those coins anonymously.

John January 7, 2019 12:48 PM

@Clive why would people care if the BTC were stolen?
@Phaete is right, but even in his example folks who buy (stolen) BTC clearly don’t care, or know people who’d buy it for more than the first buyer paid.

Most buyers don’t care, or don’t know enough to be able to figure out whether the coins they are buying are “tainted”.

Skopje January 7, 2019 1:43 PM

“It suggests that the attack was not actually to get bitcoin for financial gain, but to look like it is.”

Evidence? “Peanuts”

George Bellarious January 7, 2019 1:53 PM

So, these coders who people trust with their money basically re-invented email? What’s next, spam?

Why exactly don’t we like banks and the FDIC again?

Jesse Thompson January 7, 2019 3:24 PM

Looking at that virustotal page, I am getting really disappointed with 90% of those malware scanners for blessing that payload as clean. Out of the 6 popping warnings, I think Kaspersky is the only one I even recognize. 😛

Clive Robinson January 7, 2019 3:49 PM

@ John, Phaete, Skopje,

    … why would people care if the BTC were stolen?

You are kind of making my point for me.

I’m told the rate you get from a fence on precious stones and metals and even cash is around 10 cents on the dollar of the open market rate. As you say,

    Phaete is right

As far as,

    If you are willing to only take cents on the dollar, you actually can get those coins anonymously.

Which brings $750,000 down to 75K or even less.

Now those involved went to some effort to set this up which took resources in terms of effort time and money over a period of several weeks.

What is the ROI when this is included?

My view is that the people doing this are not particularly stupid, it is after all a new attack, not a copy-cat. I could be wrong they may be incredibly stupid just lucky, but as our host @Bruce notes “This is clever”, so arguably I’m not alone in my view.

Thus based on this I think that the ROI is too low as it is. But when you then add in the risk of prison in the US for 20-50 years as a minimum these days –for very minor or even non crimes– the risk equation changes very considerably…

Look at it this way ignoring the eye watering cost of avoiding extradition and defence legal fees. Assume three guys that’s 75K/(25×3) = 1K/year, without taking inflation into account.

The face up the ROI on this attack is at best suspect. Hence I ask the question of,

    Who gains from discrediting the Electrum system?

As the next logical step.

By all means disagree but don’t do a knee jerk response put some actual figures in to back it up. Or come up with an alternative possibility to account for what we know with evaluated reasons.

Otherwise you are not making a credible argument, more an ad hominem argument.

Clive Robinson January 7, 2019 4:35 PM

@ All,

I made another point above, which has not yet been jumped upon which historically is odd.

    As all software is pretty much guaranteed to have bugs that can be turned into attack vectors who knowing this would be daft enough to use such systems for storing real value without having an effective insurance in place?

But before you think of doing so, please read this,

It points out why you really should avoid Crypto Currencies except as high risk speculation. That is even when claims are made, they are basically not verifiable and you bear all the risk.

As they say in pubs in the UK,

    Name your poison

Clive Robinson January 7, 2019 4:57 PM

For information purposes…

Earlier I mentioned the Cambridge Computer labs, well back in 2004 Richard Clayton who I had an occasional disagreement with was joint author on a paper about why “proof of work” was not going to really work to limit spam,

Some of you are thinking “so what” well you could call it a portent of future failure. The blockchain that underlies most crypto-currencies uses “proof of work” in a “law of diminishing returns” frame of reference.

Well here we are nearly a decade and a half later and we have this little nugget of information to consider,

Yup spend your money on wild cat mining in say Australia and you’d probably get better returns for your time, money and effort…

65535 January 7, 2019 6:03 PM

Adding 10 servers to Electrum wallet infrastructure sounds odd…. or even a malicious trick if not pre-announced by Electrum. Servers can be servants or overlords depending on how they are used.

Bruce S. notes the issue with first asking for 2FA before issuing a wallet as a red flag.

I agree.

@ Clive Robinson

Your lightblue touchpaper link points to using an accounting method of FIFO and some legal case mixed with coding as a method to trace Bitcoin theft. This is interesting, including the comments at the end of the blog.

I will ask my better half or bigger half how to interpret those accounting questions in lightblue touchpaper comments. That is out of my area.

In the long run blockchain banking needs more perfecting to be used as common banking. There are just too many scams.

Will the true inventors of bitcoin be discovered any time soon? I wonder.

dragonfrog January 7, 2019 6:22 PM

So, do bitcoin tumblers not exist or work anymore?

I thought that was why BTC was useful for buying illegal goods online – that you could spend a few percent of a transaction’s value to have it so thoroughly mixed with other transactions, that the link between buyer, seller, and transaction, could not be traced. Fully automated money laundering in a matter of minutes and at a bargain price.

And, if my understanding above is correct, then a thief who managed to get their ill-gotten BTC through a tumbler before the theft was noticed, should be in the clear – they should at this point have a mix of BTC from all over the place. So, if the initially stolen BTC are invalidated, the thief barely loses anything, and hundreds of other people also lose a tiny amount of their tumbled transactions…

commonreader January 7, 2019 9:34 PM

@dragonfrog tumblers definitely do exist. Ones as big as bestmixer will be hard to track. It’s not even of type dark-web, as they have marketing YouTube material. Of course, going to the dark web will be another option as there are people in countries which will not enforce Bitcoin laws or accept bribes, and an agreement to send bitcoin and receive wire-transfers, bitcoin, western union, or any other type of currency will also be options.

So the thought that “why did the attackers go to both the trouble and the expense?” because they will just be caught is very naive.

Mr. C January 7, 2019 10:17 PM

@ Clive:
Prof. Anderson has the law, and thus the logic, wrong. Believe it or not, insolvency law has advanced since 1816. The general name for attributing fractional parts of the money in an account to various sources is “equitable tracing.” In modern law, the correct method in most circumstances is called the “lowest intermediate balance” method. It works like this:

  1. Define a set of legal presumptions about which classes of money leave the account first. From this, devise a rank-ordered rule. (E.g., money from gifts leaves before money from wages, which leaves before money from pension payments.)
  2. Begin at a point in time before any money of interest was present in the account. Label everything in the account at this time as “other.”
  3. Step forward one transaction at a time. If it’s a deposit, label the incoming funds according to their source. If it’s a withdrawal, apply the rank-ordered rule to decide which label(s) to debit first to satisfy the withdrawal.
  4. Repeat #2 until the transaction history is exhausted, reaching the present day.

Generally, the rank-order rule used is not FIFO, but rather “funds of interest leave last.”

This is a good rule when you’re the court and you’ve seized the account and now have to distribute its contents. It tells you what’s “in” the account.

It’s also a good rule if you’re in position to seize any arbitrary account. It tells you precisely where the money of interest is at. (It’s better at this than FIFO, which will follow a half of a pair of transactions and flag the money in the hands of an innocent third party as tainted, even though the criminal still has an equal amount in their account. (Example: “20 clean BTC in -> 20 dirty BTC in -> 20 BTC to innocent merchant.” FIFO flags the money in the merchant’s hand. While “funds of interest leave last” flags the money in the criminal’s account.))

It’s also the best rule I can think of for catching the moment when stolen cryptocurrency is exchanged for cash. However, this won’t work (nor will anything else) if the stolen funds (or their equivalent in wash funds) are entirely dissipated in goods/services transactions.
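The four steps in the comment above, replayed in code under two debit rules, FIFO and “funds of interest leave last” (an added example, not part of the comment or of any tracing tool). The history is constructed, with the stolen deposit arriving before the clean one, and the labels and function names are assumptions.

```python
from decimal import Decimal


def fifo(lots, of_interest):
    """First in, first out: debit lots in the order they arrived."""
    return list(lots)


def interest_last(lots, of_interest):
    """'Funds of interest leave last': every other label is debited first."""
    return sorted(lots, key=lambda lot: lot[0] in of_interest)  # stable sort


def trace(history, rule, of_interest=("dirty",), opening=0):
    """Replay an account history under a debit rule.

    history: ("in", amount, source_label) or ("out", amount, payee) tuples;
    pass fractional amounts as strings so Decimal keeps them exact.
    Returns (labels still in the account, labels received by each payee).
    """
    # Step 2: whatever is present before the history starts is "other".
    lots = [["other", Decimal(opening)]] if opening else []
    paid = {}
    for kind, amount, tag in history:           # step 3, repeated (step 4)
        amount = Decimal(amount)
        if kind == "in":
            lots.append([tag, amount])          # label deposit by its source
            continue
        if amount > sum(a for _, a in lots):
            raise ValueError(f"withdrawal of {amount} exceeds the balance")
        received = paid.setdefault(tag, {})
        for lot in rule(lots, of_interest):     # step 1: the rank-ordered rule
            take = min(lot[1], amount)
            if take:
                lot[1] -= take
                amount -= take
                received[lot[0]] = received.get(lot[0], 0) + take
            if not amount:
                break
        lots = [lot for lot in lots if lot[1]]  # drop exhausted lots
    remaining = {}
    for label, amt in lots:
        remaining[label] = remaining.get(label, 0) + amt
    return remaining, paid


# Constructed history in BTC: a stolen deposit, a clean deposit, then two
# withdrawals. The account already holds 5 BTC when the history starts.
HISTORY = [
    ("in", 20, "dirty"),
    ("in", 20, "clean"),
    ("out", 20, "merchant"),
    ("out", 15, "exchange"),
]

if __name__ == "__main__":
    for rule in (fifo, interest_last):
        left, paid = trace(HISTORY, rule, opening=5)
        print(rule.__name__, "account:", left, "paid:", paid)
```

On this history FIFO attributes 15 of the stolen coins to the merchant, while “funds of interest leave last” leaves the merchant's payment clean and shows the stolen coins in the later withdrawal to the exchange and in the remaining balance.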

Phaete January 8, 2019 12:18 AM

@Clive Robinson,

You base your ROI on western standards, for the largest part of the world population, an ROI of 75k would be good.
Also, chances are that it is just a crime of opportunity.
I just don’t buy the discredit angle.

I find the low number of transactions over time quite interesting.
Did his popup affect just the tiniest part of the network, or something else?

Jim January 8, 2019 1:19 AM

I think they would be able to launder most of it at near full market value.

Plenty of no kyc exchanges out there, and could be attributed and laundered by filing it as earnings from Monero mining.

Soft wallets are low hanging fruit, kinda like bank security in the early 90’s

Skopje January 8, 2019 4:27 AM

“By all means disagree but don’t do a knee jerk response put some actual figures in to back it up.”

Just to point out, you did not do that. You opined based on nothing real.

Now this doesn’t have to be a pissing match and people like you here, but seriously?

This from the “skeptic” who doesn’t want to jump to conclusions about positive attribution even where it’s proven and admitted to, but he “just knows” the motive behind this theft.

I take no pleasure in calling that obvious bullshit.

Jim January 8, 2019 6:33 AM

Ok here’s some figures for you @Skopje you can go on to verify it.

Deposit limit: 13.3907 BTC when exchanging for XMR

1btc = $4000 (approx)
1 XMR = $53 (approx)

Exchange rate 1BTC = 72.75 or $3855,75 or 96,39375% to make those funds untraceable.

Exchange rate source:

I can also elaborate on why Monero is private if you like.

A Monero ring signature is composed of the actual signer, who is then combined with non-signers to form a ring.

Binance the number 1 crypto exchange also allows you to deposit with No ID

Lots of numbers here to back this all up!

Bob January 8, 2019 10:54 AM


The comments are really the only useful part of that link. It’s a common phenomenon in beginners who start to understand basics that they think they have everything figured out and that it’s all so very simple, when really they’re just missing most of the picture.

That whole thing reads like someone took Accounting 101 at their local community college and said “Aha! This solves everything! To hell with all nuance!”

Nein Mine January 8, 2019 9:33 PM

“Lots of numbers here to back this all up!”

All you forgot was the point of the argument, d’oh!

Douglas Heaven Art. January 9, 2019 7:02 AM

Perhaps every one should read the Technology Review on cryptocurrency criminals endeavor. About how they are being not just traced, but caught, and will be increasingly caught, not just for current and future transactions but very probably for past transactions as well.

As is noted by one of those interviewed, last year marked the beginning of Treasury Departments investigating cryptocurrency for tax evasion, avoidance and criminal enterprise. Historically Treasury Departments tend to be a little more ruthless than many Law Enforcement Agencies (LEAs) when it comes to criminals, accomplishing what the LEAs could not.

The article also notes the closing down and seizing of assets including computer records of a major cryptocurrency exchange. Also of other exchanges fearing association with more suspect cryptocurrencies have dropped them. Also that many using cryptocurrency laundering systems are not being sufficiently cautious.

All of that indicates cryptocurrency laundering systems are insufficient for average cyber criminals to hide behind. Consequently other more traditional money laundering processes need to be used as firewalls in the process, that will have additional costs for the criminals.

Joe January 11, 2019 3:42 AM

@Clive Robinson wrote, “As all software is pretty much guaranteed to have bugs that can be turned into attack vectors who knowing this would be daft enough to use such systems for storing real value without having an effective insurance in place?”

If this were true, then the only difference between crypto currency and our fiat based currency is an effective insurance policy. This not just US currency but consider all other currencies, and if we dig a little further countries buying each other’s bonds as an effective insurance policy commonly referred to as currency pegs. IMHO.

Joe January 11, 2019 4:13 AM

@Clive Robinson wrote, “Yup spend your money on wild cat mining in say Australia and you’d probably get better returns for your time, money and effort…”

Like all money systems, each participant in a currency, crypto or not, must be adequately incentivized thru perceived rewards in order for a currency to survive. What is the value of a dollar if you cannot see “the money and the honeys” but in most cases it is fulfilling our basic needs for survival. An “issuing authority” in a well-designed system such as bitcoin is no longer centralized but acts in a more democratic way than fiat. While, fiat’s claim to democracy is heavily based on demand, cryptocurrency systems are designed to democratize both supply and demand by decentralizing the minting process to very low barrier of entry. While this is mostly true, the supply of crypto currency can still be controlled in the hands of a few, thru influencing the minting process (asic manufacturers) and altering software/protocols. Thus, it would face similar problems of fiat. After all, they are both “software”..

Clive Robinson January 11, 2019 6:32 AM

@ joe,

    If this were true,

But you have not shown it to be otherwise. I could put it another way if you like? Comparing cardboard boxes just left unattended on random street corners to guarded vaults in banks etc for storing diamonds in as a longterm practice. You can get insurance on things of value in guarded vaults in banks etc, but good luck finding it for a cardboard box left unattended on a random street corner.

With regards,

    Like all money systems, each participant in a currency, crypto or not, must be adequately incentivized thru perceived rewards in order for a currency to survive.

You are deliberately avoiding the point I was making, which is the effective cost of producing one bitcoin in resources is way higher and more risky than going and digging holes to find gold etc in the Australian outback.

Clearly you are a cryptocurrency fan boy, where as I prefer to point out that it is nowhere near close to being a replacement for standard currencies. In short it’s a very high risk speculation as well as being an environmental disaster.

I’m an engineer by training and not a self taught speculator. Thus I tend to look not at potential gain but realistic losses.

The simple fact you really have to consider is “proof of work” is a really bad idea, whilst it sounds seductive as an actual process it’s a ship that so far keeps hitting the rocks. Worse even when it looks like it’s working we don’t yet have software systems secure enough to stop its output reward getting fairly easily stolen.

Then there is the slowness of the blockchain compared to say processing of credit card transactions…

These are real world problems that are nowhere near being solved and in some cases we don’t have a clue how to even start solving them.

So if you want to speculate, then feel free it’s your money, but please do not try and make it sound like a stable currency, because it’s not nor judging by its history to date will it be any time soon.

Joe January 14, 2019 4:22 AM

@Clive Robinson in regards, “You are deliberately avoiding the point I was making, which is the effective cost of producing one bitcoin in resources is way higher and more risky than going and digging holes to find gold etc in the Australian outback.”

FYI. We’ve already abolished the gold standard. Thus, “fiat currency” is no further away from “crypto currency” in as far as complex arithmetics and “software”.. the only real difference is the way mathematics is applied thru complex hedging algorithms in order to maintain “currency stability”.. IMHO.

I’m in no way promoting replacing fiat with crypto however. The prosperity of a “currency” is dependent on a backing authority and its wishes.

Clive Robinson January 14, 2019 8:16 PM

@ Joe,

The gold standard is irrelevant to what I was talking about. And you can’t buy most consumer goods or electricity with crypto-currency, you have to use a recognized state backed currency. Mostly for international trade that is the US dollar (USD).

So if you do all the figures of buying equipment and the power to run it to go mining you can price it up in USD. Likewise you can do all the purchase of ASIC boards and the power to run them also in USD. Thus you are comparing like with like at this point.

You can then draw up a graph of comparative costs for the past decade or so and how much “product” you got for 1USD of input. Again comparing like with like.

Which you can then use to draw up a second graph with the USD to product exchange rate at the time, from which you can deduct the production costs, and thus find the ongoing process profit at the time.

The result is not that impressive for crypto-currency.

The important thing to note is that the cost of mining gold has –after inflation correction– remained fairly constant for each unit of product (Kilogram or Troy ounce). However the cost of mining crypto-currency has in many cases escalated dramatically (as intended with bitcoin).

At this point the crypto-currency is not a good investment to mine compared to gold or any other open market for precious metal or for that matter gems[1].

The only thing of interest with crypto-currency is the built in increase in cost of “proof of work”. It’s a very deliberate way to make the value of mined crypto-currency rise with time, thus encouraging speculation by hoarding but more importantly making the bulk of the crypto-currency value held by early implementors who have hoarded their mined crypto-currency. The result of this hoarding has been via the usual mechanisms of supply and demand the wild price swings of crypto-currency value when compared to a more stable government backed currency that is of real world use like the USD.

I’ve not checked in the last few weeks but I’m told the fall from ~20KUSD/bitcoin to less than 3.5k at the beginning of December which is a fall to ~1/6th of its value caused a lot of bitcoin mining to stop as it was no longer productive to mine. Oh and other crypto-currencies that are designed specifically to be mined on PC hardware saw a related drop that in turn caused the price of high end graphics cards to drop…

Crypto-currency mining thus shows all of the key signs for speculative investment not use as a real world working currency. It has ever rising and quickly eye wateringly expensive mining costs such that once a crypto-currency gains visibility, it is really only viable to mine where the unit price of electricity is artificially low, often by government subsidies. Which will at some point be no doubt severely clamped down upon.

Also as others have noted where it is mined using cheap electricity, the low cost of the electricity is in part due to the use of low grade fuels like brown coal that are to put it politely an environmental disaster.

Such speculative behaviour seen with crypto-currencies not only mark them down as speculative, they are also a “black tulip” market. Also due to the way the proof of work cost is forced to escalate which very deliberately favours early implementors it can be seen that not just individual crypto-currencies are speculative, but also the number of “new” crypto-currencies is also speculative. In effect much of the crypto-currency market can be seen to be designed to work like other faux investments such as pyramid schemes, which you probably know are considered fraudulent. Which means that in time the legal authorities might take steps against designers and early implementors of crypto-currency systems that have such mechanisms built in.

[1] Not diamonds however, De Beers maintains a cartel of companies as a de facto monopoly and has a very significant control of the market in rough diamonds between 80-90%. They hoard the vast majority of rough diamonds mined to maintain a very much raised artificial price,

Also various US banks are involved with keeping the price of aluminum artificially high by manipulating both the metal market and the supply of ingot aluminum (short term hoarding).
