Phishing Attacks On Electrum Wallet See Over $16 Million Stolen From Unsuspecting Users

New reports show that over $500,000 worth of Bitcoin (BTC) has been siphoned from Electrum wallets – about 72 hours after a GitHub user claimed they had lost 1,400 BTC in a similar hack. Some of the funds have been traced to Binance, with the exchange blacklisting up to 70 accounts linked to the transaction IDs.

Back in February 2019, an Electrum wallet user named “KallEYE” wrote on GitHub that 0.09 BTC was missing from their wallet following a software upgrade. Over the last year, several users also complained of a similar phishing attack, with one user stating they had lost about 0.00796663 BTC to this address.

On Aug. 30, another GitHub user claimed the same address had stolen over 1,400 BTC (currently worth ~$17 million), raising eyebrows over the bug being exploited against Electrum wallets. Describing how the hack happened, the user said he had not accessed the BTC since 2017 and mistakenly downloaded the old version of the Electrum wallet.

Once downloaded, the app prompted the user to update their software before withdrawing any amounts from the wallet. Once installed, the update “immediately triggered the transfer of my entire balance to a scammers address,” the user wrote on GitHub.

Another user, Cryptbtcaly, claims over 36 BTC, worth ~$500k, was stolen from their wallet two months ago, showing how widespread the hacks on old Electrum wallets are. Investigations into the movement of the coins showed that some were moved to Binance wallets, but despite constant calls to the exchange team, much has yet to be done.

The hacker’s address shows it has received over 1,506 BTC and sent out 1,500 BTC since its first transaction in 2018.

Binance connection and response

According to data from Crystal Blockchain, a crypto transaction tracking analysis firm, a transaction worth around 5 BTC (~$60k) can be traced back to the hacker’s wallet on Binance. The exchange responded to the 1,400 BTC hack and the specific transaction ID traced to Binance in Jan. 2018.

A spokesperson from the exchange revealed that the transaction ID (TxID) is connected to 72 addresses on Binance but not a specific wallet on the exchange. The founder and CEO of Binance, Changpeng Zhao, alias CZ, said the addresses have since been blacklisted.

Notwithstanding, Electrum has opened up a phishing case with the German police and the U.K. authorities. A representative from Electrum stated,

“We (electrum developers) have reported the phishing attack to the police about a year ago. I cannot make any comments about the progress of the investigation, but it helps if victims report it independently. If you live in Germany, you should contact the cybercrime unit of the LKA Berlin.”

Author: Lujan Odera

ShapeShift Sues Former Senior Engineer; Stole 90 Bitcoins ($900k) Via Code Put on Servers

ShapeShift crypto exchange is suing a former senior engineer, Azamat Mukhiddinov, who siphoned roughly 90 BTC from the firm’s funds to an external wallet. The Switzerland-domiciled crypto business filed this matter in a Colorado court, seeking restitution for damages incurred in pursuit of Azamat.

Notably, Azamat had already reimbursed the siphoned funds in one way or another, but ShapeShift now estimates tracking him could have cost the firm tens of thousands. The filing reads,

“In total, ShapeShift’s costs and expenses relating to the investigation of Azamat’s theft and the repair of its effects totaled tens of thousands of dollars, if not more.”

Other than the tracking costs, ShapeShift also highlighted that the event caused a lag in launching its new mobile application, which should have been out sooner than July. The filing further notes that ShapeShift employees had to spend long hours rewriting code to make the software secure, a process which ultimately involved a thorough review of the ShapeShift infrastructure.

The Inside Job at ShapeShift

Azamat joined ShapeShift as a senior engineer back in 2018; this was around the same time that the exchange enhanced its KYC requirements. With direct access to most of ShapeShift’s backend design, the former senior engineer saw an opportunity to breach the network for personal gains despite the binding contractual agreements.

This siphoning process began back in November 2019 and was executed up to May this year when ShapeShift eventually figured out that some coins were missing. According to the investigation findings, Azamat had created his own software and integrated it within the ShapeShift ecosystem. The embedded code allowed Azamat to siphon around 0.5 BTC progressively, taking advantage of his experience with ShapeShift’s backend security.

Upon being confronted on May 25, Azamat admitted to having compromised ShapeShift for personal gains. He, however, agreed to reimburse the total $900,000 worth of BTC in both crypto and fiat since a portion of the stolen digital assets had been spent. The filing notes that Azamat returned 60 BTC and a duffle bag with $31,900 while paying the rest in small portions. ShapeShift highlighted,

“Eventually, Azamat returned, in one form or another, all of the $900,000 in bitcoin he had stolen.”

It is noteworthy that Azamat’s breach at ShapeShift is not the first inside job the company has experienced. Back in 2016, a similar incident resulted in the loss of hundreds of thousands of dollars. Nonetheless, McGregor is confident that the steps taken after the 2016 incident came in handy with the latest inside job attempt.

Author: Edwin Munyui