YouTube, the video sharing platform owned by Google, mistakenly promoted an advert for Electrum. The Electrum wallet has been a mainstay of the Bitcoin community since it was first created in 2011, over 8 years ago. The ad would direct people who clicked on it to a website that downloaded malicious software onto the user’s computer.
Reddit user finds it first
This is the latest in a series of attacks on users of Electrum. This latest attack was first spotted by a Reddit user /u/mrsxeplatypus. The post was published post two days ago on the popular /r/Bitcoin community. The post contained details of the advert, along with the tricks it used to lure unsuspecting users into clicking it.
The user went on to say that the ad copy even had the proper domain name, electrum.org, in the video ad. However, upon clicking the link, users would be taken to another, similar domain. The typo, in this case, elecktrum.org, would be enough to fool most users. This type of scamming trick, called typosquatting, is an old one… though still an effective one. The user also stated that there was no way to notify Google of the problem with the advert.
TechWeb reported that they had contacted Google regarding the issue. Google’s response was simply that “appropriate action” would be taken.
Series of scams plague Electrum
This scam has been dealt with relatively easily by Google, but Electrum has multiple problems in the last year, with the frequency of scamming and phishing attacks increasing. Particularly in the last 6 months.
In April, an unknown scammer started using electrum.com to allegedly promote services similar to what the original company offered. Electrum clarified on Twitter that the website had nothing to do with them or their business. They also stated that electrum.com was in all likelihood only a repository of malware. The website, known as Electrum Pro, shut down its website a month later. Most experts feel this was part of their exit strategy. However, Electrum Pro owners blamed Electrum for ruining its reputation. There is no concrete information either way.
Later, in December, Electrum was hit with a phishing attack. Hackers used a malicious app to steal almost 250BTC from Electrum users. Then again in February, another phishing scam made its way into the community. Users reported to Electrum that the scam was disguised as a security update and that the phishing scam was trying to access sensitive data.
This has severely hurt the trust that had been built up by the company. Industry insiders have speculated that people will turn to competitors due to the lowering of trust that these attacks have caused. Many in the community believe that Electrum should be doing more to stop these attacks. That, or to mitigate them but providing up to date information and better user experiences.