Electrum, a cryptocurrency wallet, which is reportedly under an ongoing hack, has, as reported by commentators on an online discussion, been hacked of almost 250 Bitcoin (BTC) (which amounts to $937,000), as on Dec. 27th, 2018. The ongoing hack has been subsequently confirmed by the crypto wallet itself. The malicious party created a fake version of the wallet, and users were fooled into providing login credentials.
According to a commentator, which goes by the Reddit profile name of u/normal_rc, the hacker set up a whole bunch of malicious servers. If someone tries to send BTCs via one of those malicious servers, they would see an official-looking message encouraging them to update their Electrum Wallet, along with a scam URL.
The affected users’ wallet balance was emptied after they provided their two-factor authentication code. Electrum does not in fact request two-factor authentication during login, but rather while transacting.
A victim reported that when he logged on, the pop-up message immediately asked him for his 2-factor code which he thought was suspicious, as Electrum only asks for 2-factor code when one attempts to send, but when one logs in. The victim allegedly kept on trying to send and kept getting the same error code i.e. ‘max fee exceeded no more than 50 sat/B [satoshis per byte].’ The victim, then restored the wallet on a different pc, only to find out that his wallet balance was transferred out in full.