Bitcoin wallet Electrum has shown on GitHub how a look-alike service, Electrum Pro, steals user data. The claim has been verified independently.
Electrum Pro, launched in March 2018, has come under heavy criticism from the popular Bitcoin wallet Electrum. The Electrum team has published a step-by-step guide to decompiling the Python-based binary of the Electrum Pro wallet.
In the decompiled code they found a function (lines 223–248 of electrumpro_keystore.py) that copies users’ seed phrases and sends them to the electrum.com domain. With a seed phrase in hand, the site’s owners can drain the corresponding wallet.
“We previously warned users against ‘Electrum Pro’, but we did not have formal evidence at that time,” Electrum team states.
Although Electrum only analyzed the Windows binaries distributed by “electrum dot com” and the macOS .dmg file, the team is convinced that the other “Windows binaries are malicious as well.” They state that the Linux package, by contrast, has remained unaffected.
Armin Davis from Block Explorer News has confirmed the claim using the same decompilation procedure as the Electrum team: “We now have proof that ‘Electrum Pro’ is bitcoin-stealing malware. The sha256sum of ElectrumPro-4.0.2-Standalone.zip is f497d2681dc00a7470fef7bcef8228964a2412889cd70b098cb8985aa1573e99. This hash can be confirmed independently using http://archive.org.”
This is not the first time a fraudulent Electrum-like wallet has appeared, but Electrum Pro stands out. Unlike the earlier cases, its operators managed to obtain the electrum.com domain, which closely resembles the official website, electrum.org, maximizing the chances of attracting users who do not notice the difference. On top of that, Electrum Pro uses Google Ads to appear above the original website, promising a service that is fast, secure and easy to use.
To counter this fraud, Electrum recommends that users verify GPG signatures before using the wallet. Electrum has also promised to adopt native Windows verification mechanisms for its binaries.
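As an added illustration of that recommendation (this is not code from the article or from the Electrum project), the following POSIX shell script accepts a downloaded binary only if its SHA-256 digest matches a value obtained out-of-band and a detached GPG signature was made by a key whose fingerprint was pinned beforehand. The file names and the fingerprint are placeholders, and gpg is assumed to be installed.

```shell
#!/bin/sh
# Added example, not the Electrum project's own tooling. Two checks are combined:
#  1. the SHA-256 digest must equal one you obtained from an independent source;
#  2. the detached signature must verify AND come from a pinned key fingerprint.
# "gpg --verify" alone is not enough: any key in your keyring would satisfy it,
# which is exactly what a look-alike site counts on.

# Print the SHA-256 digest of a file (works with sha256sum or shasum).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# Return 0 if the file's digest equals the expected one (case-insensitive).
check_sha256() {
    file="$1"; expected="$2"
    actual=$(sha256_of "$file" | tr 'A-F' 'a-f')
    [ "$actual" = "$(printf '%s' "$expected" | tr 'A-F' 'a-f')" ]
}

# Return 0 only if the detached signature is valid AND made by the pinned key.
# The fingerprint is a placeholder: take the real release-signing fingerprint
# from a source you already trust, never from the download site itself.
check_gpg_signature() {
    file="$1"; sig="$2"
    pinned_fpr=$(printf '%s' "$3" | tr -d ' ' | tr 'a-f' 'A-F')
    # --status-fd 1 emits machine-readable lines; VALIDSIG carries the signer's
    # full fingerprint, which is what we compare against the pinned value.
    status=$(gpg --status-fd 1 --verify "$sig" "$file" 2>/dev/null) || return 1
    printf '%s\n' "$status" | grep -q "^\[GNUPG:\] VALIDSIG $pinned_fpr "
}

# Usage: verify_release <file> <expected-sha256> <detached-sig> <pinned-fingerprint>
verify_release() {
    check_sha256 "$1" "$2" || { echo "digest mismatch for $1" >&2; return 1; }
    check_gpg_signature "$1" "$3" "$4" || { echo "signature check failed for $1" >&2; return 1; }
    echo "$1: digest and signature OK"
}

# Run as: sh verify_release.sh electrum-X.Y.Z.exe <sha256> electrum-X.Y.Z.exe.asc <fingerprint>
if [ "$#" -eq 4 ]; then
    verify_release "$@"
fi
```

A matching digest only proves you received the same file the site published (which is how the malicious ElectrumPro-4.0.2-Standalone.zip was pinned down via archive.org); only the signature check ties the file to the genuine developer.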
It should be noted that, so far, no Electrum Pro user has reported having funds stolen.