Bitcoin Wallet App Caught Stealing Seed Keys
#1
Quote: The team behind Electrum, a Bitcoin wallet app, has exposed a copycat product named Electrum Pro as a malicious app that steals users' seed keys.

Electrum developers made their accusations in a document published on GitHub yesterday.

The document contains a step-by-step guide to decompiling a rival product named Electrum Pro that popped up online two months ago in March.

Obvious copycat is obviously malicious
The Electrum team has long suspected this is a scam product. The reasons are that the newly launched wallet app used their brand name without permission, but also registered the electrum.com domain, similar to the real Electrum domain of electrum.org, in an attempt to capitalize on the older app's reputation and trick users into using their product.

Now, Electrum devs seem to have confirmed their initial suspicions. On GitHub, the Electrum team points to a particular piece of code (lines 223-248 in electrumpro_keystore.py) where the Electrum Pro wallet appears to take the user's wallet seed key and upload it to the electrum.com domain.

Wallet seed keys are cryptographic keys that allow the owners of a wallet app to access the funds of multiple Bitcoin addresses stored in a particular wallet.

With the seed keys uploaded to electrum.com, the owners of those domains have the ability to use these seed keys and empty Bitcoin accounts.

According to Electrum devs, creating or restoring a wallet with Electrum Pro will send copies of the users' wallet seed keys to the electrum.com domain.

Seed key theft seen in Windows and macOS binaries
"We previously warned users against 'Electrum Pro', but we did not have formal evidence at that time," Electrum devs said.

Devs also said they've only analyzed Electrum Pro's "electrumpro-4.0.2.dmg" macOS binary and "ElectrumPro-4.0.2-Standalone.zip" Windows binary, but warned that "is safe to assume that the other Windows binaries are malicious as well."

Affected users should move funds from Bitcoin addresses they've managed via Electrum Pro. At the time of writing, there have not been any reports of stolen funds.

SOURCE