Electrum wallet users must visit Electrum’s official site https://electrum.org/ to see the warning message written on Electrum’s home page below the header section.
Just see the warning message posted on Electrum's home page:
Warning: Some malicious servers have started a phishing attack against Electrum users. When asked to broadcast a transaction, malicious servers reply with an error message, directing users to download a fake version of Electrum. DO NOT download Electrum from another site than electrum.org. More information here
A user has already lost almost 250 Bitcoin worth of about $937,000 in this fishing attack. Electrum has also confirmed the attack which creates a fake version of wallet. A bunch of malicious servers established by the hacker sends messages to users to update their Electrum Wallet. Once they update their wallet and give login credentials, the hacker got all the information.
Reddit user u/normal_rc explained:
“If someone's Electrum Wallet connected to one of those servers, and tried to send a BTC transaction, they would see an official-looking message telling them to update their Electrum Wallet, along with a scam URL.”
Electrum never asks for two-factor authentication code during login process. It is asked when a user try to send or transfer their fund after logged in the wallet. But the affected users mistakenly submitted their two-factor authentication code and thus they lost their entire fund.
One victim continued in another Reddit post, adding:
“I kept trying to send and kept getting an error code ‘max fee exceeded no more than 50 sat/B [satoshis per byte]’ I then restored my wallet on a separate pc and found that my balance had been transferred out in full[.]”
The entire stolen amount has been transferred to one main address which is currently showing about 245 BTC.
Electrum mentioned regarding this phishing attack on his twitter account today:
“[t]here is an ongoing phishing attack against Electrum users” and implored users to check the validity of the resource they were logging into.
Electrum also suggested users to download the wallet software from their main website https://electrum.org/ instead of other source. So Electrum users must be careful before logging into electrum website. Check the URL to verify the website address.
Source:
https://cointelegraph.com/news/phishing-attack-on-electrum-wallet-nets-hacker-almost-1-million-in-hours-report