A Bitcoin investor who downloaded an older version of the popular cryptocurrency wallet Electrum and updated its app with a fake update message appearing on the app lost 1400 BTC yesterday. These BTCs are worth $ 16 million at current prices.
A Bitcoin investor announced that he lost 1400 BTC in a wallet that he said he had not been able to access since 2017. At the center of the incident were hackers targeting users of the popular cryptocurrency wallet Electrum and Electrum.
In the message he wrote to GitHub, the investor said that he set up an old version of the Electrum wallet “stupidly”, that he wanted to transfer about 1 BTC after setting up the wallet, but could not continue the transaction due to the message that appeared in the pop-up window.
The message said that the application had to be updated for security before money transfer, but this was a trap. All Bitcoins of the investor who updated the wallet were transferred to the hacker address.
This is how the system works
Software engineer Ben Kaufman talked about how Bitcoins work from Electrum and what hackers set up.
Accordingly, the Electrum wallet can connect to the blockchain by default via a server selected from the public list of Electrum servers. Anyone can run such a server and some users connect to it randomly. When a transaction is broadcast in Electrum, it is sent to the connected Electrum server to spread over the network. The server has to try to add the process to its own memory pool and spread it to other Bitcoin nodes. In case the operation is invalid, the Electrum server to which the user is connected may return an error message with an error window on the user’s Electrum client. Electrum versions prior to v3.3.3 allowed the error message to be free text. This meant that the Electrum server could return any message it wanted and make it pop up as an error message on the user’s client.