One of the most popular software Bitcoin wallets has been cloned, and the malicious copy has been put online to steal Bitcoins. Electrum has just announced that a copycat wallet named ElectrumPro, distributed from the website electrum.com, was created to mislead users into downloading the wrong Electrum wallet. Once loaded with Bitcoins, that wallet can steal them overnight, as it ships with malware built for exactly that purpose.
The announcement came as a tweet from Electrum's official Twitter account. The company said that its official website is Electrum.org and that it does not own the .com version of the domain, which is very likely being used to distribute Bitcoin-stealing malware.
Electrum's website is https://t.co/aHiZIZH54e. We do not own electrum dot com, and "Electrum Pro" is very likely bitcoin stealing malware. Please use https://t.co/Rne1yx5acw for a list of Bitcoin wallet websites.
— Electrum (@ElectrumWallet) April 5, 2018
Magnifying the scope of the problem are Google Ads. As the screenshot below shows, the Electrum.com link appeared above the legitimate Electrum.org link, thanks to an ad bought by the perpetrators of this scam. While Google now seems to have taken down the fraudulent ad, some users report that they have already lost significant amounts of Bitcoin to the scam website's wallet. Users who are not tech savvy usually open the first link on Google's results page, and the website itself looked quite polished. Moreover, it claimed to be an upgrade of the original Electrum wallet, something that could make even tech-savvy users fall for the scam.
The Electrum team has now published a complete explanation on GitHub of how this wallet steals Bitcoins. A recovery seed is a feature used by most modern software wallets: when you create a wallet it is assigned a seed made of 12 randomly chosen words, and that seed can be used to recover the wallet if you ever lose access to it. The seed must therefore be kept strictly private. This malware-laden wallet, however, sends the recovery seed to the scammers at the moment it is generated. Once they hold the seed, the scammers use it to restore the entire wallet, Bitcoins included, on their own computers. Because the seed alone derives every private key in the wallet, the password protecting the wallet file offers no defence once the seed has leaked.
A Case Study for Brand Protection
This is why you should register all the popular extensions of your domain name when starting a brand: had Electrum bought the .com domain when it registered .org, the scammers could not have gotten their hands on it. Electrum is now learning this the hard way, and many of its users (would-be users, to be precise) are suffering in the process. This is a classic case study in brand protection.
It is also worth noting that this is not the first time Electrum has been targeted by scammers. Previously, a very clever attempt to con users in Electrum's name was spotted on Twitter. In that case, con artists used a Twitter account almost identical to the original Electrum account. Their technique was phishing, and they obtained a username and display name almost identical to Electrum's by replacing the lowercase "l" with an uppercase "I" (eye). The difference was very hard to spot, and had they not been caught early it is hard to imagine how much havoc they would have wreaked.
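Both of the impersonation tricks above, the lookalike domain under a different extension and the lowercase "l" swapped for an uppercase "I" in a Twitter handle, can be caught mechanically. The script below is an added example written for this article, not code from Electrum or from the original post. It folds visually confusable characters to a canonical form so that a handle which only looks like the brand is flagged, and it enumerates the domain variants a brand should register or monitor. The handles and domains it checks are constructed for illustration, not real accounts.

```python
"""Flag social-media handles and domains that impersonate a brand by swapping
visually confusable characters (the lowercase "l" / uppercase "I" trick) or by
sitting under a different top-level domain. Added example; inputs are constructed."""

from typing import Iterable, List

# Confusable characters folded to one canonical form. The uppercase-I -> lowercase-l
# entry is the exact swap used against Electrum's Twitter account.
CONFUSABLES = {
    "I": "l",  # uppercase i renders like lowercase L in most sans-serif fonts
    "1": "l",
    "|": "l",
    "0": "o",
    "5": "s",
    "3": "e",
    "@": "a",
    "$": "s",
}


def canonicalize(name: str) -> str:
    """Fold confusables first (while case still matters), then lowercase and
    drop separators so "Electrum_Wallet" and "ElectrumWallet" compare equal."""
    folded = "".join(CONFUSABLES.get(ch, ch) for ch in name)
    folded = folded.replace("rn", "m")  # "rn" renders like "m" at small sizes
    return "".join(ch for ch in folded.lower() if ch.isalnum())


def is_lookalike(handle: str, brand: str) -> bool:
    """True when handle matches the brand only after folding confusables:
    visually identical, but not actually the same name."""
    if handle.lower() == brand.lower():
        return False  # the genuine account (plain case differences are not impersonation)
    return canonicalize(handle) == canonicalize(brand)


def scan_handles(handles: Iterable[str], brand: str) -> List[str]:
    """Return the handles in the input that impersonate the brand."""
    return [h for h in handles if is_lookalike(h, brand)]


def lookalike_domains(label: str, registered_tld: str, tlds: Iterable[str]) -> List[str]:
    """Candidate domains a brand should register or watch: the same label under
    other extensions (electrum.com beside electrum.org) plus single-character
    digit-for-letter swaps under the brand's own extension. DNS is case-insensitive,
    so the l/I trick does not apply to domains; digit swaps such as e1ectrum do."""
    candidates = set()
    for tld in tlds:
        if tld != registered_tld:
            candidates.add(f"{label}.{tld}")
    swaps = {"l": "1", "o": "0", "e": "3", "i": "1", "s": "5"}
    for i, ch in enumerate(label):
        if ch in swaps:
            variant = f"{label[:i]}{swaps[ch]}{label[i + 1:]}"
            candidates.add(f"{variant}.{registered_tld}")
    return sorted(candidates)


# Constructed sample handles: one genuine, three impersonations, one unrelated.
SAMPLE_HANDLES = [
    "ElectrumWallet",
    "EIectrumWallet",   # uppercase I in place of lowercase l
    "Electrum_Wallet",  # separator variant
    "E1ectrumWa11et",   # digit-for-letter swaps
    "BitcoinCore",
]

if __name__ == "__main__":
    for h in scan_handles(SAMPLE_HANDLES, "ElectrumWallet"):
        print(f"impersonation: {h!r} -> {canonicalize(h)}")
    for d in lookalike_domains("electrum", "org", ["org", "com", "net"]):
        print(f"register or monitor: {d}")
```

Running the script flags the three constructed impersonations and lists electrum.com, electrum.net and the digit-swapped variants of electrum.org. The same `canonicalize` routine can be run over a stream of new followers or mentions to alert on handles that fold to the brand name but are not the brand's own account.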
Hopefully Electrum will now learn its lesson and obtain the domains and social accounts that resemble its brand name, so that history does not repeat itself. For now, if you use Electrum, make sure that your wallet is Electrum and not ElectrumPro, and that its Help menu lists the official website as Electrum.org rather than Electrum.com. If not, move your Bitcoins somewhere else immediately, and into a wallet created with a brand-new seed: restoring the old seed inside the genuine Electrum does not help, because the scammers already hold a copy of it.