PSA: electrum.com bought by scammers to distribute alleged “Electrum Pro” coin stealing malware

17

The official website remains https://electrum.org

The scammers seem to have offered quite a chunk of money to buy electrum.com which was previously used by someone in the US to sell energy drinks / food. The change happened on the 23rd of March 2018 according to whois data.

The domain is registered with godaddy

Domain Name: ELECTRUM.COM
Registry Domain ID: 24034_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.godaddy.com
Registrar URL: http://www.godaddy.com
Updated Date: 2018-03-23T21:33:29Z
Creation Date: 1996-05-15T04:00:00Z
Registry Expiry Date: 2023-05-16T04:00:00Z
Registrar: GoDaddy.com, LLC
Registrar IANA ID: 146
Registrar Abuse Contact Email: [email protected]
Registrar Abuse Contact Phone: 480-624-2505

and the nameservers are currently with cloudflare

 Name Server: LEAH.NS.CLOUDFLARE.COM
 Name Server: LLOYD.NS.CLOUDFLARE.COM

I’m filling the Cloudflare abuse form to report malware. It’d be useful to have people in the US call the abuse phone as godaddy appears to have a history of non-action wrt to complains, so maybe we can get their attention by raising multiple complaints.

If anyone happens to see Google Adwords linking to electrum.com please also report here and to Google as fraudulent.

There is no “Electrum Pro” product at this point. Electrum Technologies uses https://electrum.org and https://github.com/spesmilo/electrum exclusively to distribute Electrum wallet software for now.

Edit: I’ve also reported the domain to https://safebrowsing.google.com/safebrowsing/report_badware/

Edit II: Cloudflare replied they won’t do anything as it does not point to IP addresses of theirs, meaning they offer auth DNS service but nothing else.