In brief

  • A GitHub user claimed that he lost 36.5 Bitcoin due to an exploit in his old Electrum wallet.
  • This follows another report of 1,400 BTC lost to the same vulnerability.
  • Electrum developers suggested that victims should report the lost money to the police.

Yet another GitHub user has claimed that he lost 36.5 Bitcoin (BTC) due to an exploit in an outdated version of Electrum wallet, adding over $430,000 to the cache of 2,171 BTC (roughly $25 million) the hackers have reportedly stolen this way since late 2018.

As Decrypt reported yesterday, a GitHub user claimed that he lost a whopping 1,400 BTC (around $16 million) after accessing his Electrum wallet for the first time since 2017. The exploit, which is over a year old and has since been patched, triggered a mass transfer of funds to an unknown address. But as it turned out, this wasn’t its only recent victim.

“I had a similar situation 2 months ago. 36.5 Bitcoin was stolen from my address,” replied a GitHub user called “Cryptbtcaly,” adding that, “Some of the stolen Bitcoin went to Binance, but they ignore my appeals and do not return.”

While this victim claims that Binance hasn’t taken action on his theft, the exchange did take action on the previous one of 1,400 Bitcoin. Regarding the bigger theft, Binance CEO Changpeng Zhao stated that the exchange decided to blacklist the alleged hackers’ address.

“Not your code, not your funds. Beware of this Electrrum (sic) official update. This guy lost 1400 BTC, and plenty of others lost funds too,” Zhao tweeted.

As the exploit continues to claim new victims, Electrum developer Thomas Voegtlin suggested that the affected users should report the lost money to the police, further noting that there is currently an ongoing investigation.

“There is a police investigation going on in Germany and in the UK. We (electrum developers) have reported the phishing attack to the police about a year ago,” wrote Voegtlin on GitHub, adding, “I cannot make any comments about the progress of the investigation, but it helps if victims report it independently.”

At the same time, eight million BTC—or 44% of Bitcoin’s circulating supply—haven’t moved for at least two years now, according to crypto analysts at Glassnode. So there are more “sleeping” coins that could still fall victim.