A long-time holder lost 1,400 BTC – over $16 million worth of Bitcoin – in a wallet exploit. But how were hackers able to make off with this user’s cryptocurrency? And what can others do to prevent the same thing from happening to them?
Crypto Crime Takes A Bow But Is Just As Active Behind The Curtain
Because big crypto exchange hacks have become less frequent and less severe than in the past, media coverage of Bitcoin-related hacks has cooled off.
Phishing attempts, ransomware, and SIM-card hacks are just three examples of crypto-related crime that isn’t widely covered.
It was only recently that several high-profile Twitter accounts belonging to celebrities, politicians, and company CEOs were hacked as part of a phony Bitcoin giveaway scam.
Hacks are commonplace in crypto, but they only make the news when something of significance is attached. And a newly uncovered hack involving over $16 million in stolen BTC could be the next story to make headlines.
BTCUSD 1400 BTC = Roughly $16,000,000 USD | Source: TradingView
How Hackers Were Able To Steal 1400 Bitcoin, Over $16 Million In USD Value
According to the appropriately named GitHub user ‘1400BitcoinStolen,’ the enormous sum of BTC matching his username is now gone as part of a hack involving the Bitcoin wallet Electrum.
The fault is neither Electrum’s nor really the user’s, but it does put a spotlight on the importance of two key issues.
The user was running a version of Electrum from the last time they accessed their BTC, in 2017. Electrum has since issued security updates that this user had not yet installed.
Before they could move their Bitcoin, they were prompted to update and patch potentially critical issues. But when they did, the software contacted the hacker’s server using an exploit that the real security update would have likely prevented. 1400 BTC was immediately emptied from the wallet and into the hacker’s – a somber reminder to always keep software up to date.
Electrum is a “light client.” Software engineer Ben Kaufman explains in a deeper Twitter thread on the subject that this means the software must connect to a public server before it is connected to the blockchain.
It is this trusted third party, acting as a middleman, that hackers were able to exploit – the other key reminder to never trust third parties with your private keys.
This unfortunate user likely can’t get their funds back, but others have been luckier. Those who experience this issue and act fast enough can potentially “double-spend” over the transaction if the hacker used a low enough fee.
For everyone else, let this be a reminder to keep your software up to date and to rely on cold storage methods whenever possible.