Hardware Wallet vs Malware. Demo of Electrum Phishing & Clipboard Malware (Trezor, Ledger, Keepkey)


So I’m gonna do something a bit different today on Crypto Scam Watch, and I want to have a look at the Electrum malware versus a hardware wallet. So as you can see, we have the newest official version of Electrum that is still susceptible to the full rich text phishing experience. All righty, let’s get phished!

We’ll just send a tiny transaction to the next address – just password, signing, broadcasting. Ah, here we go, so this is the error. So notice there’s no signatures or anything like that that we want, and because we’re running the old version of Electrum we can just have the clickable HTML straight in the app. So let’s just say we want the standalone executable for Windows, because the electrumbay.com isn’t even slightly suss, but anyway, let’s just go along with it. I’ll, since I’ve taken forever, let’s just click on their website and have a look and see what other versions they’ve got available to scam us. Yeah, why not, let’s download the signature and see.

Okay, so we’ve got our scammy version of Electrum. Took a while to download, but now we’re good. So just out of curiosity, let’s see how it goes if I try and verify it. There we go, surprise surprise: the malware version could not be verified. What a shame. Let’s just run it anyway and see what happens.
Okay, so it’s letting us send, so we can preview the transaction. Ah, that’s very interesting. We have a look, we can see this scammy version of Electrum is actually sending to a different output other than the one that we have specified in the software. So if we say sign, and curious to see, here we go, so that wants me to enter the password. So we’ll just do that, and I’m guessing as soon as I give it the password all hell’s gonna break loose. So it signs the transaction and, hey look, we’ll just save that one for later.
Okay, so now let’s try the same thing with the hardware wallets. So we want one satoshi per byte, want to send everything, and when I send to the next address, let’s hit preview. So we get, there we go, so it is definitely going to a different address. So this is exactly the same behavior as we saw in the other one.

And so here’s the really important thing. So if I’m using my Ledger and I hit sign, my Ledger is now telling me, let’s have a look: so the amount is correct, the address is not even close. So yes, we can see here, so the address that we’re being asked to send to is actually the same one that’s being listed here in the transaction for Electrum. So that’s a really good example of just taking the time to pay attention to the output screen on your hardware wallet, which immediately makes it obvious that something is going wrong. Because if you were to just stick in the address you’re going to pay to and hit Send, you’d actually get no indication that you’re sending it to the wrong address if you’re just using a software wallet. So with this wallet, this software wallet that’s unlocked and working and ready to go, if I hit Send right now it will simply send it to the wrong address. Whereas with my hardware wallet, even if I don’t hit preview but I hit Send, it will say confirm it on my Ledger, and if I look at my Ledger now, the pay-to address is completely different to what is just here on the screen, which to me, I’m like, no, I’m gonna send that. And there you go, so defeated.

I think it’s worth saying, like, who knows what else a loaded up piece of malware like this is going to do, and hence why I’m gonna blow this virtual machine away as soon as I’m done. But I think this is a really good example of the extra security that a second screen on a hardware wallet gives you, in that although the scammer might be able to trick you into thinking you’re sending it to the wrong address, they can’t trick your hardware wallet in terms of which address it’s signing the transaction for. So that is a really good example of that.

So I’ve just used a Ledger Nano S in this example, and look, if you don’t have a hardware wallet and this has made you maybe think that that’s a good idea, I’ve got a link for how to get them in the description. Definitely best is to order them straight from the manufacturer, and it should be said that, you know, a Trezor would have done this just as well. I own both, so I’m not really biased one way or the other.

This is also a really good example of exactly how our clipboard malware will work, in that there is a malware out there that what it will do is it will detect that there’s a Bitcoin address or something like that in your clipboard, and so it’ll swap it out with the scammer’s address, so you’ll think you’re sending your funds to someone else when really you’re sending them to the scammer. And if you’re paying attention to where you should be sending the funds and checking that on your hardware wallet, then that can be a really powerful way to stop getting scammed from those sorts of scams.

I hope that gives you a really good idea about what to look for in terms of the current Electrum phishing scams that are out there, and at the very least you need to update your version of Electrum if you’re not running one higher than 3.3.4. But at the end of the day, no matter how badly compromised your wallet software is, or even your whole operating system, there’s really nothing any of that malware can do that would cause your hardware wallet to display fake amounts of cryptocurrency and fake addresses on its own screen. So as long as you take the time to check that the address on the screen matches where you think it should be going, you’ve got a really powerful advantage there that there’s no, really nothing scammers can do to damage.
Thanks for watching, I hope that was helpful. Just hit subscribe if you’d like to be kept in the loop about future content I make to help people stay safe in the crypto space and to recover if they get into trouble, or if there’s a question you’d like some more information about or topic you’d like me to cover in the future, just leave a reply.

3 thoughts on “Hardware Wallet vs Malware. Demo of Electrum Phishing & Clipboard Malware (Trezor, Ledger, Keepkey)”

  1. Thanks for the video. I know I've downloaded straight from the true Electrum website and have a properly functioning wallet. Is it safe to say that as long as I am not phished, my funds are safe? Version 3.3.3

  2. I was already pretty paranoid with sending BTC, but that's only getting worse. But thanks for making this vid, you may have saved me some money 🙂

  3. Hey, nice video.
    Can exchange wallets also get phished? How can I protect myself when sending cryptos from exchange?
