Beware: Wallets, hackers, malware and phishing attacks

A new phishing attack targeted users of the Electrum wallet. With a fake notification to upgrade to a supposedly new version of the software, malicious parties tried to steal the funds of unsuspecting users. Always be alert and when in doubt, rather play it safe!

Yesterday it appeared that users of the Electrum wallet were the target of a new phishing attack . A fake notification prompted users to install a new update. That call did not come from the makers of the Electrum wallet, but from malicious parties.

Users who installed the so-called update in response to the call installed a version of Electrum infected with malware . In addition, the software has been modified by the attackers in such a way that they can steal the funds from the wallet.

The false report did not appear to come from Electrum, but was spread by scammers through advertisements on popular websites. Visitors were presented with a pop-up screen that did not look like an advertisement, which contained a request to install the infected version of the software. You can read a more technical explanation here.

Above: A screenshot of the fake call

It is therefore not a bug or error in Electrum’s software itself, but abuse of the advertising channels of popular websites. If you have not installed the infected software, your funds are probably safe.

Phishing attacks

Phishing is almost as old as the internet itself. Scammers have been trying to imitate websites and emails from banks and other companies for many years in order to lure victims into a trap. This form of online fraud is therefore not new.

With Bitcoin it took on a new dimension, because bitcoin transactions are irreversible. Once a swindler or thief has received the loot, it cannot be reversed without the cooperation of the thief. Moreover, the pseudonymity of Bitcoin makes it difficult to find out who is behind the scam. That makes bitcoin attractive to scammers.

Phishing attacks are also becoming more creative and sophisticated. Scammers are always discovering new ways to reach people and they are increasingly aware of how to play on people’s emotions. Therefore, do not react hastily, but above all remain calm and, if in doubt, rather play it safe.


Below are some tips:

  • Never enter your seed phrase (the 12 or 24 words you were given when you created the wallet) on a website, never send it by email or give it to others. So not even to someone from a helpdesk. If someone has your seed phrase, they have full control over all funds in your wallet.
  • Always check whether the website is really the website of the wallet. Look closely at the address in the address bar. Sometimes scammers use an address that is very similar to the address of the official website, but with a small difference – for example, an inconspicuous accent mark in a place where it should not be found.
  • Preferably do not use links to wallet websites that are on other websites. Sometimes those links are wrong. In rare cases, scammers even influence search engine results. It is safer to manually enter the address of the website you want to visit in the address bar.
  • Make sure you use a virus scanner that is up to date. Preferably also use an ad blocker.
  • Do you receive a notification or an e-mail about news or an update? Check first on the official website if the message is genuine. If you can’t find anything about it on the official website, chances are something is wrong. Is it on the website? Then preferably use the download links on the website and not in the notification or e-mail.
  • In the case of a security leak or an update, it is often discussed on social media. It may help to look there first to read what people write about it.
  • A hardware wallet protects a wallet against digital theft, because a physical button on the device must be pressed before a transaction is possible. A thief cannot steal anything without your cooperation. You can rely on the screen of your hardware wallet, but the software on your computer or phone could theoretically be infected – so always check on the screen of your hardware wallet whether the transaction details are correct before confirming with the button. When in doubt, do not press the button.
  • Don’t quite trust it? Then don’t take any risks. Try to find out if there are ways to get more assurance. Sometimes that may mean installing a different wallet. If you ask for advice anywhere, never give away your seed phrase or give anyone access to your computer.
  • If you think your computer or smartphone might be infected, use a different device or consider completely wiping the device and reinstalling everything.

In conclusion, it is important to realize that absolute security is probably unattainable and that ‘the best way’ to secure your bitcoin does not exist. Each way has advantages and disadvantages and since Bitcoin is still relatively new, they all have yet to prove that they stand the test of time. You will have to decide for yourself which solution works best for you. If you don’t know where to start, the might be able to help you.

In most cases, we recommend using a hardware wallet for slightly larger amounts, because many risks can be mitigated with this. And for the rest, the main thing is: stay alert and don’t let yourself be fooled.

We previously wrote about the various forms of scams that use bitcoin, as well as fake advertisements with famous Dutch people and fraudulent investment websites. For those who come into contact with cybercrime , there is the option to file a report online.

Related Posts

Leave a Reply

Your email address will not be published. Required fields are marked *

© 2024 Cryptocoin