Crypto wallet Electrum Pro sends cryptographic keys of users to a third-party domain

Developers of the Bitcoin wallet Electrum warned users about a malicious "clone" of the wallet. The document published on GitHub provides step-by-step instructions for decompiling the controversial application.

Electrum’s team became suspicious after Electrum Pro emerged in March 2018, because the name of their product was being used illegally. In addition, the malefactors registered the domain electrum.com, which is quite similar to Electrum's real domain, electrum.org.



However, as it turned out, the malefactors went beyond using a famous brand name for their own benefit. Developers of the original wallet decompiled Electrum Pro and found the code responsible for obtaining users' cryptographic keys and transferring them to electrum.com. These keys provide access to crypto wallets, so stealing the money becomes quite easy.



According to the developers at Electrum, when a user creates or restores a wallet through Electrum Pro, the application sends their cryptographic key to electrum.com.
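The check below is an added example, not code from the Electrum developers' GitHub document: it scans source text (for instance, the output of a decompilation) for URL hosts and flags any that share the official name but sit under a different TLD, which is exactly the electrum.com versus electrum.org case. The allowlist, the function names and the sample text are assumptions made for illustration; the sample is constructed, not taken from Electrum Pro.

```python
import re

# Assumption: hosts the genuine wallet is expected to contact (from the article).
OFFICIAL_DOMAINS = {"electrum.org"}

URL_HOST_RE = re.compile(r"https?://([A-Za-z0-9.-]+)")

# Constructed sample standing in for strings found in decompiled source.
SAMPLE_SOURCE = '''
HOME = "https://electrum.org/"
MIRROR = "https://sub.electrum.org/"      # constructed subdomain
endpoint = "https://electrum.com/"
explorer = "https://example.net/tx/"
'''

def registrable(host):
    """Naive registrable domain: last two labels (no public-suffix list)."""
    return ".".join(host.lower().strip(".").split(".")[-2:])

def audit_hosts(source_text, official=OFFICIAL_DOMAINS):
    """Map each host found in a URL literal to official/lookalike/unknown."""
    official_names = {d.split(".")[0] for d in official}
    findings = {}
    for match in URL_HOST_RE.finditer(source_text):
        host = match.group(1).lower().strip(".")
        domain = registrable(host)
        if domain in official:
            findings[host] = "official"
        elif domain.split(".")[0] in official_names:
            findings[host] = "lookalike"  # same name, different TLD
        else:
            findings[host] = "unknown"
    return findings

def needs_review(source_text):
    """Hosts that are not on the allowlist, lookalikes first."""
    found = audit_hosts(source_text)
    order = {"lookalike": 0, "unknown": 1}
    return sorted((h for h, v in found.items() if v != "official"),
                  key=lambda h: (order[found[h]], h))

if __name__ == "__main__":
    for host in needs_review(SAMPLE_SOURCE):
        print(host, audit_hosts(SAMPLE_SOURCE)[host])
```

The two-label rule in `registrable` is a simplification; a production check would use a public-suffix list so that domains under suffixes such as co.uk are compared correctly.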



One question is left unanswered: why didn't the developers of Electrum contact a cybersecurity company at once when the fake domain was created? Don’t they know that even a single phishing email can cost $1.9 million? In 2017, Chainalysis found that phishing domains were responsible for more than 50% of all cybercrime revenue, which, by the way, amounted to between 1 and 5 million U.S. dollars.



Although no reports of funds stolen through Electrum Pro had been received at the time of this publication, the risk remains. Responsible companies that care about their clients and their own reputation order anti-phishing services.

