The attacker used malicious servers to connect to victims’ wallets and gain access to their funds. The phishing attack appeared semi-legitimate because it displayed a rich-text error prompt asking users to upgrade to the ‘new’ Electrum wallet version. The download was in fact malicious and served from a scam URL, but this was well hidden from unsuspecting users. The attacker also set up numerous malicious nodes to increase the chances of individuals connecting to the malicious servers. Thus, the attack can loosely be considered a Sybil attack.
Electrum has since tweeted out updates on the attack and released an official version 3.3.2 on their website “electrum.org/#download” to mitigate the attack. Their website also details more information about the attack.
Warning: there is an ongoing phishing attack against Electrum users, where rogue Electrum servers ask users to install malware. We released version 3.3.2, which mitigates the attack. See https://t.co/Y2DXoUyOgk — Electrum (@ElectrumWallet) December 31, 2018
“Warning: Some malicious servers have started a phishing attack against Electrum users. When asked to broadcast a transaction, malicious servers reply with an error message, directing users to download a fake version of Electrum. DO NOT download Electrum from another site than electrum.org.”
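The warning above describes a server-supplied error string being shown to the user as rich text. The following added example (not Electrum's code, and not a description of what version 3.3.2 changed) sketches one way a wallet client could treat such a string as untrusted; the function names, the `TRUSTED_HOSTS` set and the sample message are assumptions constructed for illustration.

```python
import html
import re
from urllib.parse import urlsplit

# Assumption: electrum.org is the only download host, per the project's warning.
TRUSTED_HOSTS = {"electrum.org", "www.electrum.org"}
TAG_RE = re.compile(r"<[^>]*>")
URL_RE = re.compile(r"""(?:https?://|www\.)[^\s<>"']+""", re.IGNORECASE)
MAX_LEN = 300  # hypothetical cap so a server cannot fill the dialog


def link_hosts(text):
    """Return the lowercase hostname of every URL found in text."""
    hosts = []
    for raw in URL_RE.findall(text):
        url = raw if "://" in raw else "http://" + raw
        try:
            host = urlsplit(url).hostname
        except ValueError:
            host = "unparseable-url"  # never silently trust a malformed link
        if host:
            hosts.append(host.lower().rstrip("."))
    return hosts


def render_server_error(server_msg):
    """Reduce an untrusted server error to plain text and flag its links."""
    unescaped = html.unescape(server_msg)  # expose entity-encoded markup
    untrusted = sorted({h for h in link_hosts(unescaped)
                        if h not in TRUSTED_HOSTS})
    plain = " ".join(TAG_RE.sub("", unescaped).split())
    plain = "".join(ch for ch in plain if ch.isprintable())[:MAX_LEN]
    return {
        "display": html.escape(plain),  # safe even if a widget parses HTML
        "had_markup": bool(TAG_RE.search(unescaped)),
        "untrusted_hosts": untrusted,
    }


if __name__ == "__main__":
    # Constructed sample of a phishing-style broadcast error (not a real IoC).
    sample = ("<b>Upgrade required</b>. Download the new version from "
              "<a href='https://electrum-update.example/dl'>here</a>")
    print(render_server_error(sample))
```

A client using this would show only `display`, and could add its own warning whenever `had_markup` is true or `untrusted_hosts` is non-empty.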
Need for concise asset protection
The attack shows that not all cryptocurrency and electronic thefts have to involve complex hacking; they can simply be a well-disguised trick to get users to make the ultimate mistake of giving their money away. While large and vigilant communities can help mitigate these attacks and reduce their effects, the attacks can still have significant and lasting repercussions for the initial victims who lose money. Ultimately, this expected probability of loss is still factored into consumer and merchant adoption decisions and will make them wary of future use. Thus, it creates a need for simple money protection that consumers and merchants can easily trust and use.
Cryptocurrency has to compete with current mainstream payment processors, which are already sometimes a pain to deal with when disputing charges. However, they can also offer something that cryptocurrency cannot: simply taking a loss for theft and giving consumers their money back. So to compete, cryptocurrency has to campaign on asking consumers and merchants to take on more financial responsibility in exchange for more savings, while also offering simple money protection and/or guarantees.
Dash is pursuing a simple, working solution
Dash recognizes that to become digital cash, it has to be better than current payment solutions. Dash focuses on educating consumers about cryptocurrency to enhance usability, but also recognizes that most consumers do not want to change their habits. This means that Dash is not only fast and inexpensive, but also striving to be just as reliable as other payment methods without too much additional work for consumers or merchants.
First, Dash is pursuing ChainLocks powered by Long Living Masternode Quorums (LLMQs), which are groupings of a few hundred Dash Masternodes that randomly rotate. These developments allow Dash to scale while also providing protection against Sybil attacks in which individuals spin up many masternodes to take control of the consensus process. Dash is also pursuing upgrades such as usernames so consumers can more easily detect bad actors by names rather than by reading complex alphanumeric addresses. The large Dash community, both online (forums, websites, and chat groups) and in person (Dash Help, Dash Merchant – Venezuela), provides additional support to anyone looking for answers. Additionally, the Dash Treasury just funded the continual development and support of the Dash Electrum wallet to ensure it is in proper working order. The combination of the coding and community infrastructure helps build more confidence among consumers and merchants that Dash will be resilient in securing long-run wealth.