Electrum coin cheat engine coc
2/11/2024

Malicious servers churned out error messages directing users to backdoored downloads

UPDATED At the height of the Electrum Bitcoin Wallet malware campaign, more than 70% of the entire network was being controlled by attackers, new research reveals.

The Electrum project hit the headlines in December, as reports surfaced on social media of a large-scale hack impacting users of the open source crypto-wallet.

It was subsequently confirmed that Electrum client versions 3.3.3 and earlier were vulnerable to an attack in which malicious servers were leveraged to throw up an error message to users making a bitcoin transaction.

These pop-ups would direct the wallet holder to deceptive sites that offered seemingly legitimate Electrum client upgrades. However, the binaries in these downloads contained a backdoor that was used to siphon more than 200 BTC – $750,000 at today’s rate – from users’ accounts.

Nearly two months after the campaign first came to light, Coinbase blockchain security engineer Peter Kacherginsky has offered fresh insight into the attack against Electrum, and how criminals were able to exploit the network’s trust model in order to flood it with malicious servers.

In a blog post earlier this week, Kacherginsky discussed how attackers had modified the open source ElectrumX server software to throw up arbitrary error messages, which directed users to the malicious download pages.

“The ElectrumX servers form their own distributed network to increase resiliency to individual nodes going offline or falling behind the blockchain,” he explained.

“As Electrum Wallet discovers new servers and their peers, they are added to the local storage, and depending on a user configuration may be used the next time the client connects to the network.”

Screenshot of the Electrum transaction ‘error message’ used in the malware campaign

According to Kacherginsky, a user’s Electrum wallet attempts to maintain connections to a randomized selection of discovered servers. In order for the pop-up dialog box to be triggered, he said, the wallet would have to discover and connect to a malicious ElectrumX server.

“The more malicious ElectrumX servers in the network, the higher the chance that a wallet will be attacked,” said Kacherginsky, who went on to explain how attackers were able to skew the odds of a successful connection in their favor.

“Using randomly generated subdomains as aliases to a single domain is a clever exploit of ElectrumX’s peer verification process, which simply verifies that the advertised hostname resolves to the originating IP address,” he said.

“As a result, it is possible to flood peer tables with these ghost servers to perform a Sybil attack, where an attacker attempts to fill the network with servers they control to increase their chances to connect with Electrum clients.”

After having mapped the Electrum network during the attack, Kacherginsky paints a bleak picture of the compromised network.

“Based on the automated scanning for phishing messages, I observed more than 471 confirmed malicious servers out of a total of 657 active nodes,” he said. “That’s a staggering 71% of the entire scanned network being controlled by attackers.”

Following the publication of this article, Electrum founder Thomas Voegtlin called this data into question.

“The reported number of 71% does not really make sense,” he told The Daily Swig.

“The attackers used thousands of names, but they were not active simultaneously.

“Moreover, that number suggests a 71% chance of connecting to a phishing server, which is inaccurate, because these servers were not seed servers. Traffic is not distributed uniformly across servers.”

In his analysis, Kacherginsky made a distinction between two separate threat groups that were said to be targeting ElectrumX servers.
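
The peer check Kacherginsky describes only confirms that an advertised hostname resolves to the originating IP, so many random subdomains of one domain all pass it. The sketch below is an added example (not code from the article, Electrum or ElectrumX): it clusters a constructed peer table by resolved IP and parent domain, flags alias clusters, and shows how the measured share differs when hostnames are counted instead of distinct endpoints. All function names, the threshold and the sample peers are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample peer table: (advertised hostname, IP it resolves to).
# Reserved example domains and documentation IP ranges only.
SAMPLE_PEERS = [
    ("electrum.alpha.example", "192.0.2.10"),
    ("btc.beta.example", "192.0.2.20"),
    ("a8f3k2.ghost.example", "203.0.113.5"),
    ("zq91mx.ghost.example", "203.0.113.5"),
    ("p0d7ve.ghost.example", "203.0.113.5"),
    ("k44jwr.ghost.example", "203.0.113.5"),
    ("node.gamma.example", "198.51.100.7"),
]

def parent_domain(hostname, labels=2):
    """Last `labels` DNS labels (assumption: no public-suffix list is used)."""
    return ".".join(hostname.lower().rstrip(".").split(".")[-labels:])

def cluster_peers(peers):
    """Group advertised hostnames by resolved IP and by parent domain."""
    by_ip, by_domain = defaultdict(set), defaultdict(set)
    for host, ip in peers:
        by_ip[ip].add(host)
        by_domain[parent_domain(host)].add(host)
    return by_ip, by_domain

def sybil_report(peers, max_aliases=2):
    """Flag IPs/domains advertising more than `max_aliases` hostnames."""
    by_ip, by_domain = cluster_peers(peers)
    bad_ips = {ip: sorted(h) for ip, h in by_ip.items() if len(h) > max_aliases}
    bad_doms = {d: sorted(h) for d, h in by_domain.items() if len(h) > max_aliases}
    suspects = {h for hs in list(bad_ips.values()) + list(bad_doms.values()) for h in hs}
    hostnames = {h for h, _ in peers}
    return {
        "hostnames": len(hostnames),
        "distinct_ips": len(by_ip),
        "flagged_ips": bad_ips,
        "flagged_domains": bad_doms,
        "suspect_share_by_hostname": len(suspects) / len(hostnames),
        "suspect_share_by_ip": len(bad_ips) / len(by_ip),
    }

def one_per_operator(peers):
    """Keep at most one peer per resolved IP and per parent domain."""
    seen_ips, seen_domains, kept = set(), set(), []
    for host, ip in peers:
        dom = parent_domain(host)
        if ip not in seen_ips and dom not in seen_domains:
            seen_ips.add(ip)
            seen_domains.add(dom)
            kept.append((host, ip))
    return kept
```

On the constructed table, four of seven hostnames belong to the alias cluster, but it accounts for only one of four distinct IPs, and deduplicating before selection leaves it a single candidate.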