Security News Bitcoin Wallet App Caught Stealing Seed Keys

LASER_oneXM

Level 37
Thread author
Verified
Top Poster
Well-known
Feb 4, 2016
2,520
The team behind Electrum, a Bitcoin wallet app, has exposed a copycat product named Electrum Pro as a malicious app that steals users' seed keys.
Electrum developers made their accusations in a document published on GitHub yesterday.
The document contains a step-by-step guide to decompiling a rival product named Electrum Pro that popped up online two months ago in March.

Obvious copycat is obviously malicious

The Electrum team has long suspected this is a scam product. The reasons are that the newly launched wallet app used their brand name without permission, but also registered the electrum.com domain, similar to the real Electrum domain of electrum.org, in an attempt to capitalize on the older app's reputation and trick users into using their product.

Now, Electrum devs seem to have confirmed their initial suspicions. On GitHub, the Electrum team points to a particular piece of code (lines 223-248 in electrumpro_keystore.py) where the Electrum Pro wallet appears to take the user's wallet seed key and upload it to the electrum.com domain.

Wallet seed keys are cryptographic keys that allow the owners of a wallet app to access the funds of multiple Bitcoin addresses stored in a particular wallet.

With the seed keys uploaded to electrum.com, the owners of those domains have the ability to use these seed keys and empty Bitcoin accounts.

According to Electrum devs, creating or restoring a wallet with Electrum Pro will send copies of the users' wallet seed keys to the electrum.com domain.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top