An anonymous Bitcoin user is claiming to have lost $16,000,000 (1400 Bitcoins) due to installing an old Electrum wallet version that is running malicious servers.

The user created an issue and explained what happened on the official Electrum’s github page.

It seems the victim was using an infected version of Electrum wallet that asked him to install some sort of malicious updates that triggered the transfer of hist entire Bitcoin balance to a scammers address.

According to bitcoin blockchain the transfer of the stolen funds happened yesterday.

Electrum is a light client, which means it must connect to the blockchain through a server, which by default is chosen from a list of public Electrum servers. Anyone can operate such a public server and some users will be randomly connected to it.

When broadcasting a transaction on Electrum, it gets sent to the Electrum Server you are connected to for propagation to the network. The server should try to add the transaction to its mempool and further propagate it to other Bitcoin nodes.

it seems the attackers have set up a public Electrum Server targeting the old wallets’ users, which was tweaked so that instead of propagating the user’s transaction as it should, it always returns a malicious error message directing the Electrum clients to a phishing website to “upgrade” their Electrum version.

The only way to keep your Bitcoin and other digital currencies safe is to either use an offline wallet or a trusted hardware wallet.