How Electrum.org Crushed A Bitcoin-Stealing Malware Scam
Electrum.org is a popular wallet software designed to send, receive, and store your Bitcoins. Here is its website:
Electrum.com, on the other hand, is another wallet software. It claims to do what Electrum.org does. And here is its website:
Here we have two wallets. One is real. And the other is not.
Electrum.org wallet has been around since 2011. They have wallets for desktops and mobile phones. And they are popular in the crypto community.
Electrum.com is new. Launched in 2017, they have a wallet called Electrum Pro for desktops.
Electrum Pro Starts Marketing Aggressively
On Google, if you typed Electrum, you will see an advertisement of Electrum.com, revealing how the wallet is fast, secure, and easy-to-use.
To an untrained eye, it is difficult to know this is a new wallet.
The word spread — slowly and steadily. And Electrum.com saw downloads — hundreds and thousands. Anyone can confuse Electrum.com over Electrum.org as, after all, the dot com extension ranked #1 in Google.
Then The Battle Begins
Electrum.org sends out a tweet claiming the dot com version doesn’t belong to them. And the wallet — Electrum Pro — is likely a bitcoin-stealing malware:
Electrum Pro, on the other hand, responds to this tweet and says the wallet is a fork and not a malicious program. They also claim to undergo a security audit:
Rather than dismissing this claim, Electrum.org investigated further. It has a larger community — with thousands of social media following. And it claimed the software is stealing Bitcoins.
Electrum Pro had no community. No credibility. And not many followers.
Then Electrum.org community worked together and reported the other website. Within a couple of days, Electrum.com was shut. It was labelled a phishing website:
If you bypass this warning, you will discover something interesting. Electrum.com is for sale. Because they claim their reputation is ruined and now they are selling the website for 25 Bitcoins:
Electrum.org did everything in its power to bring it down. After all, all this was a naming conflict tricking users to download a different software.
And Electrum.org didn’t want that to happen.
Plus, Electrum.org also published a report on Github (link here) with an explanation that Electrum Pro was indeed a Bitcoin-stealing malware:
The report shows how the scammers managed to buy the dot com version and revealed the malware injected within the code that steals your seed keys.
In most cases, a company ignores such scams. They tweet. And the community agrees. But this time it was different. This time the folks behind Electrum.org exposed and debunked the scam.