[Crypto News] Electrum wallet robbed $1m gone – not hacked but phished

in #crypto, 5 years ago (edited)

We’re still at the Wild West stage of the crypto era

And highwaymen abound. They are called hackers today. Every other week we hear of another exchange hacked or another address compromised by some unscrupulous thief… a smart thief but still a thief. Just recently it was the Ethereum Classic blockchain that experienced a 51% attack. This time it’s the Electrum software wallet.


I can just imagine the gold miners of old, having made it all the way to the site of all the gold, which was no mean onramp. They get to the site, have a proof of stake in which they have invested, and start mining or panning. They may even accrue some hard-earned nuggets along the way, only to have them hijacked by some bandit behind a mask, with superior technology. These modern-day highwaymen are a lot more surreptitious. Or could it be highwaywomen? Whoever it is behind the mask, they are able to sneak your stash of gold away from what you thought was a legitimate wallet. But it wasn’t.

This current episode of crypto theft was officially confirmed by Electrum

And it turned out that the thief was more like a snake oil salesman than a highwayman. He didn’t hack the wallet so much as get in through some phishing. The story came out on reddit and several comments followed afterwards, including one by a user who goes by the name CryptoMaximalist, where he explains the details regarding the type of theft that has already raked in almost $1 million from various wallets:

“Technically speaking, even though the term ‘hacked’ is broad, what happened was an attacker utilized the server response/messaging capability to phish users (it was more convincing because rich text was allowed to display in the electrum client). The message provided a link to “upgrade electrum”, but was actually installing a malicious clone. The attacker amplified their reach by spinning up more malicious servers which could loosely be considered a Sybil attack.”
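
The weakness the quote describes is that the client displayed server-supplied text as rich text, clickable link included. The following is an added example (not Electrum's code and not part of the original post) of treating such a message as untrusted before display; the function name, the label text and the sample messages are constructed for illustration.

```python
import re
import unicodedata
from html.parser import HTMLParser

# Anything with a scheme or a leading "www." is treated as a link.
URL_RE = re.compile(r"(?i)\b(?:[a-z][a-z0-9+.-]*://|www\.)\S+")
# Bare hostnames with no scheme, e.g. "host.example.invalid/path".
BARE_HOST_RE = re.compile(r"(?i)\b(?:[a-z0-9-]+\.)+[a-z]{2,}(?:/\S*)?")
LABEL = "Message from server (unverified): "  # constructed label text


class _TextOnly(HTMLParser):
    """Keeps text nodes only; every tag and attribute (href included) is dropped."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.parts = []
        self.saw_markup = False

    def handle_starttag(self, tag, attrs):
        self.saw_markup = True

    def handle_data(self, data):
        self.parts.append(data)


def sanitize_server_message(raw, max_len=200):
    """Reduce an untrusted server message to labelled, link-free plain text."""
    parser = _TextOnly()
    parser.feed(raw)
    parser.close()
    text = "".join(parser.parts)
    # Replace control and format characters (bidi overrides, newlines, ...).
    text = "".join(" " if unicodedata.category(ch)[0] == "C" else ch for ch in text)
    # Remove links entirely so nothing in the dialog can be clicked or copied.
    text, n_urls = URL_RE.subn("[link removed]", text)
    text, n_hosts = BARE_HOST_RE.subn("[link removed]", text)
    text = " ".join(text.split())[:max_len]
    return {
        "text": LABEL + text,
        "had_markup": parser.saw_markup,
        "links_removed": n_urls + n_hosts,
    }


if __name__ == "__main__":
    # Constructed sample shaped like the phishing message in the quote.
    sample = ('<b>Security update required.</b> Download the new version from '
              '<a href="https://wallet-update.example.invalid/dl">'
              'https://wallet-update.example.invalid/dl</a>&nbsp;now\u202e')
    print(sanitize_server_message(sample))
```

A non-zero `links_removed` or a true `had_markup` on what should be a plain error string is also worth logging, since legitimate server errors rarely carry either.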

A Sybil attack is daylight robbery by another name. And according to Wikipedia a “Sybil attack” is a breach of security “wherein a reputation system is subverted by forging identities in peer-to-peer networks.” Brian Zill of Microsoft adopted the name from a well-known psychology case back in the day regarding a woman with dissociative identity disorder – a more technical term for multiple personalities.

Cypherpunks just call it pseudospoofing.

Whatever you want to call it, two things of value come to mind:

  1. Never type a web address in manually, or copy/paste it without checking it. Use an accredited or bookmarked link. That is the exact point of vulnerability or attack vector used by these phishers. And what a sweet name to give to such a villainous theft – 243 bitcoin gone to Sybil. Security breaches are always going to be there, I guess. Sock puppets, wash traders, spoofers and phishermen. Bots and clones, ghosts and drones…it’s a new world.
  2. The good news at the end of this story (because we like to look on the bright side) is that we can trace the stolen bitcoin to the wallet address of the thief. We may not know who s/he is but we can see the beauty of the blockchain at work when we follow the open ledger, from one account to another to another, until the bitcoin sits at its final destination. OK that might not be all that assuring to the victims, but there it is – the stolen coin – just sitting there for all to see.

And what if the villain wants to spend it?

Surely that wallet address can be flagged?

Surely we could see when some bitcoin goes somewhere else, to another wallet. I’m just thinking aloud, I don’t have the full picture myself, but between us surely we might be able to come up with a system to secure our crypto or at least flag the thief.

Let’s hear your thoughts in the comments below.



Enjoyed reading today's report of the Crypto News?


Follow up for future reports on the latest crypto news, share your thoughts in the comment section and in case you missed out, below are some of the past CN articles.




PayPal uses blockchain technology to tokenize rewards for staff



Gaming giant Atari launches on the blockchain



Is there a correlation between gold and bitcoin?



Blockstream’s 5th satellite means you can mine and trade Bitcoin anywhere without internet access


2019 the year of the Blockchain smartphone with built in crypto wallet


I value your opinion and will always upvote constructive feedback.


These are the facts that maintain many on the sidelines but with the continued improvement in technology behind security and custody, this will improve. Some are even willing to provide guarantees and insurance for balances which is a great way to establish trust in the process at least. Time will tell!

Posted using Partiko iOS

I agree but I feel that custodian solutions might bring us closer to centralization again.

That's very interesting. However, such actions unsettle people to invest in blockchain technology (crypto) or to use them. This is a pity.
In the past, banks were robbed and the gold was stolen. It was not difficult in the old days (Wild West). The whole thing is not so easy today with Trezoren and police, etc. Have not tried it and not before but it would be difficult to almost impossible. The whole technology is still in the beginning and I think in a few years it will be like with the banks today (relatively safe). I'm pretty confident that a lot of security issues will be eliminated.
Thanks for reading this post, it was really fun to read and was very interesting.

Definitely! That's a big issue with crypto as it requires people to be responsible, which many aren't and can't be so we need custody solutions that bring us closer to centralization again.

Glad you enjoyed it. Thanks for your feedback!

I totally agree with that.
There is a solution to every problem.
I will definitely continue to support it and if the price drops, I'll buy it. There are good people here where for the community and the good of all, and I like that. For a good future for us all. :-)

Thank you so much for participating in the Partiko Delegation Plan Round 1! We really appreciate your support! As part of the delegation benefits, we just gave you a 3.00% upvote! Together, let’s change the world!

Hi @runicar!

Your post was upvoted by @steem-ua, new Steem dApp, using UserAuthority for algorithmic post curation!
Your UA account score is currently 5.142 which ranks you at #915 across all Steem accounts.
Your rank has dropped 1 places in the last three days (old rank 914).

In our last Algorithmic Curation Round, consisting of 255 contributions, your post is ranked at #32.

Evaluation of your UA score:
  • You've built up a nice network.
  • The readers appreciate your great work!
  • Good user engagement!

Feel free to join our @steem-ua Discord server
