Topic: A Feature in electrum wallet - page 3. (Read 596 times)

Ok. The explanations make sense.
Now I understand. Electrum is just a software wallet, and it does not contain any user info.
Moreover, there is no guarantee that a hacker will use Electrum to log in to this wallet.
So, there is no way Electrum can collect that information.

Thanks for the explanation guys.

I have around 0.0x BTC sitting in my wallet at a couple of addresses. Since it wasn't wiped, I guess it's not compromised yet.
But I will create another wallet and move my funds for further security.

There are a few posts that deserve some merits. But I am run out of sMerits.
I hope you guys will evaluate them.

There's no point in repeating the previous replies.

My post is merely pointing that there's something like a feature request for Electrum development.
As my post implies (the bolded part), he should consider the previous posts before deciding to do so.

There is not point in doing so because bitcoin is not stored on a wallet, it is stored on Blockchain. Also because the wallets are locally created. If I am a hacker, I can prefer not to use Electrum at all. He should just not bother himself to report what is not because it is what that can not be done.

You are fundamentally misunderstanding how bitcoin works.

Electrum does not "connect" to a wallet. Indeed, there are no wallets to connect to at all (outside of centralized exchanges in which someone else is holding your coins for you, but even then you are simply connecting to this third party and not to some wallet on the blockchain). Your wallet is simply a collection of your private keys. Your private keys are used to unlock certain addresses and allow you to move the bitcoin on those addresses. The bitcoin itself is not in your wallet - it is on the blockchain. All you have on your computer is a collection of private keys.

Now, if I've managed to access your seed phrase, then I can regenerate those exact same private keys and have them on my computer. How could your computer possibly know if my computer, or if any other computer in the entire world, also holds those same private keys? Think of it like this: You've created an encrypted file which is storing some sensitive data. You set up an alert on your computer to notify you every time that file is decrypted, so you know if anyone else is opening it. However, I plant some malware on your computer which copies this file and sends it to me. I can now decrypt it and open it on my computer, read all the contents, and your alert system would be none the wiser.

Correct. The solution to this is to have good security in the first place, usually by using a hardware wallet or an airgapped device. If you are ever concerned your wallets might be compromised, then set up new secure wallets and transfer all your funds.

As explained, this is not possible because there is no wallet to log in to in the first place. There is simply a collection of private keys stored on your computer.

Feature request are welcome in the official GitHub repository, you can post them as new issue with "Feature Request" in the title.
Link: https://github.com/spesmilo/electrum/issues

But before you do so, please consider the replies in this thread.
The developers are quite piled with work, closing and replying to unnecessary issues will add up to their workload.

Using Electrum wallet means you are using a non custodial wallet so you are fully responsible for your wallet mnemonic seeds, keys and wallet password. If you lose them, you lose bitcoins.

You can consider to set up Electrum multi signature wallet with like 2/3 cosigners and three cosigners should be in three different devices. Chance to see 2 or 3 cosigners compromised together is very slim.

You can set up Electrum cold storage wallet too.
Creating a multisig wallet
Creating a cold storage wallet.

Reliable or not, wallet softwares can have flaws including Electrum. If you use any wallet as a hot wallet, single signature, risk will be higher.

Hackers don't definitely use electrum.
If we have to get your idea workable and in sync with all existing or future wallet apps, first the feature has to be built in the blockchain protocol and one day bitcoin could really not work in some places. It violates the concept of decentralization.

It seems that you do not have a good understanding of how the Electrum wallet, or cryptocurrencies in general, work.

Think of your Electrum wallet as the front door of your house, and you have installed a fancy, state-of-the-art electronic lock or alarm system to secure it. Now, if a burglar manages to get into your house through the back door or an open window, would you really blame the electronic lock on the front door? It is kind of the same with cryptocurrencies – the wallet provides security for what it is responsible for, but there are other factors that can come into play when it comes to overall security.

The first thing you need to understand is that your funds are not actually in your Electrum wallet but on the blockchain. The blockchain is public and accessible to everyone, but the only way to access your coins is with a private key. The Electrum wallet provides you access to manage your coins because it keeps the private keys saved and secured on your device. However, the Electrum wallet has no way of knowing if someone else has access to the same private keys and whether your wallet has already been compromised. For example, you wrote down the backup seed phrase on paper when creating the wallet, right? How will your Electrum wallet know if you intentionally or unintentionally exposed the seed to third parties?

You have already been told that if this is possible, all it will give you is a sense of false security, so why don't you ask more about the things that can give you real security of your funds. You cannot know if your seed phrase or private keys has been used to import your wallet into another device, and Electrum or any other wallet cannot help you with that, whoever has the seed phrase and can prove ownership of the funds through the keys is considered the 'owner' of the funds.

Forget about whatever will give you a false sense of security and buy a hardware wallet or run your Electrum wallet on an air-gapped device, you should also make backups of your seed phrase in more than one secure location. To add more security, you should add a passphrase and have a backup of it in a different location from your seed phrase, or use a multi-sig set up if you know how to do it.

As I said in my previous post, that's not possible.
When you import your seed phrase, your addresses are derived from your seed phrase locally on your device and you can do that even without internet connection. So, it's not possible to implement your suggestion. Also, note that if your wallet is compromised, it's possible that the hacker imports your private key to any other wallet and it's not that the hacker has to use electrum.

Okay. If Electrum cannot detect how many devices are connected to this wallet and when this account was accessed last, then I have nothing to say. But, I believe you will find my point convincing, or maybe not.

Suppose my wallet is already compromised for whatever reason, but it does not have a balance. The hacker will wait until a new deposit comes up.
If I can check that my wallet was logged in from another device or, say, from a different IP, I simply won't deposit to this wallet, and I will be able to escape the hacker. The case I mentioned in the OP was similar. The amount was wiped right after he made a deposit.

Since the wallet is noncustodial and does not collect user info, I don't know if it's possible.
But it would be great if Electrum could detect how many devices are connected to the same wallet.

Surely this user use metamask or trustwallet to hold his ETH so he experienced is irrelevant to electrum while Julerz cases is probably due to malware since he do something on his computer before his wallet got compromised. Probably compromised electrum wallet installer.


This is not possible including the request on this feature since electrum is a non custodial which means they don’t stored user information to their database. We are on our own to protect our assets here.

Such a feature is possible, but completely meaningless. Allow me to explain.

Your wallet contains your private keys, derived from your seed phrase. If your seed phrase or your private keys are leaked, they usually aren't leaked because someone else opened your wallet file, but because your seed phrase was stored insecurely, or there was some malware on your computer that accessed your private keys when you unlocked your wallet, or you imported your seed phrase/private keys in to another less secure wallet or an outright malicious wallet, or you entered your seed phrase/private keys on to a website, and so on. In these cases, any feature which shows the last time you opened your wallet would be completely meaningless and provide only a false sense of security. It would only show the times you had accessed your wallet (which you obviously know about), and would not be able to tell you that your seed phrase/private keys had leaked via other methods.

If you leaked your seed phrase via malware and I had access to it, for example, I could import it to a copy of Electrum on my computer and open your wallet. I could then do anything I wanted, from simply waiting for you to deposit more, to sweeping all your funds at any time. The whole time I have access to your wallet, your local copy of Electrum will happily show you that no one else is logging in to your local copy of Electrum, and it is completely impossible for it to know anything about my copy of Electrum which is also accessing your wallet.

Electrum itself is secure. It's open source. The code has been reviewed by many people and we can be sure that there's no vulnerability in electrum.


This doesn't mean electrum isn't safe. Any online device is prone to hacking and that's not electrum's fault.


No. If your wallet is compromised, you will find that out, when it's too late.


That's not possible at all. Take note that your wallet isn't like an account on a centralized service which you login to that.

No, until it is too late.

It would only be a false sense of security.

If a wallet has been compromised, it will not take more than some seconds to few minutes that the hackers will send the coin to his own address.

For high amount of coins, just be more secure about it. There are more secure ways to follow like offline wallets if setup properly. Or hardware wallet if reputed and open source. Or multisig wallet if setup properly.

Hi guys!
Currently, I am using Electrum 4.3.4, which is not the latest one. But I am okay with it.
Today I saw a thread in the scam accusation board where a guy claims $165K ETH was wiped from his wallet. I don't know what wallet he was using. I have read similar cases in this forum. A campaign manager named Julerz was hacked, and he used Electrum then. I am afraid about it. Even though I never keep my private key online, is there any way I can check if my wallet is already compromised or not? Is there any wallet that shows login logs? Do you guys believe we can request such a feature from some wallet providers, and do you think they may consider it? I don't know if Electrum has such a feature or not.

I appreciate community feedback about it. Is there any way we can request such a feature from Electrum, as it's the most reliable software wallet at this moment?