Topic: A Feature in electrum wallet (Read 562 times)

Well, if it has served your purpose, I suggest you lock it. Most people tend to open their own topics when they have specific questions.

These are old laptops. I don't even know how many slots it has. But eight gigabytes of ram is not bad for browsing only laptops as I do no nothing with that. As I said, I have a desktop for my daily use with 16 gigabytes of RAM. Most of the time my wife watches youtube with that laptop. Anyways, I am not sure if I should lock this thread or remain it open in case someone has similar questions.

I believe that most modern operating systems will accept and utilize whatever amount of RAM you have installed in your system (as long as you meet the minimum requirements). However, the general rule is that more RAM equals better performance. And since RAM is cheap these days, there is no reason not to fill as many slots as the system can accommodate.

I think most operating systems need less than eight gigabytes of RAM. I remember my old laptop has four gigabytes of RAM, and I replaced it with eight so I can browse faster. It had an HDD, and I replaced it with an SSD to work smoothly.

I have a desktop for my daily use. So, I don't have to set up a dual boot on my laptop. I will consider setting up Linux based OS very soon (Whenever I have some time).

I had my old cheap HP laptop from China with 4 GB RAM and 1.6GHz Intel Celeron N3050 Processor Dual Core. 500 GB HDD and I could dual boot Windows 10 and Ubuntu 20.04 LTS (Focal Fossa)
I don't think you will find many challenges with getting used to Ubuntu OS. If you do, you can search the so many forums dedicated to Linux, and you will get what you want.

Among Linux systems, there are options for weak computers, although your data with eight gigabytes of RAM will fit perfectly on other Linux that require more RAM.
If you do not need embellishments, then the choice of the Xfce desktop environment will completely satisfy you with its nimbleness and unpretentiousness.

Well, I am saying this because I am already familiar with windows supported software which I use for editing videos and sometimes Photoshop as well. I do scan documents and I don't know if the Epson scanner and printer software is available for Linux or not. I am unsure if Canon has software for Linux or not. I understand that there might be alternatives for this software, But it takes time for someone one learn everything in new software. I have a secondary laptop which is a low config (It says intel Pentium 3558U @1.70GHz) I don't even know what generation is it. It has only 8gb ram installed and 120GB SSD. I guess I can use it for this crypto stuff. The dual boot mode seems good as well.

"Just because of the security reasons?" Well, for many people, that's the only reason strong enough to take the plunge and migrate to a Linux OS. But I suppose it ultimately depends on each individual's preferences and priorities. I think it all comes down to what you mainly use your computer for. If it's mainly for internet stuff, multimedia, and basic office tasks like text editing, transitioning to the new OS shouldn't be too challenging. However, if you're into gaming, heavy graphics work, CAD, video editing, or 3D design, you might face some difficulties with Linux. Many popular apps, such as Adobe's graphics and video editing tools, aren't yet available in Linux versions, making it a bit of a struggle for those specific needs.

As Cricktor suggested, getting a second device solely for a Linux system might be a good solution. However, if your budget is limited, you can also consider setting up your PC in dual OS mode. This way, you'll have the flexibility of running both operating systems on the same machine and selecting which one to boot every time you start it up. Additionally, you can explore virtual PC software, which enables you to run one OS "inside" another OS, giving you more options to experiment and explore Linux without fully committing to it.

If you can afford it, setup a cheap laptop, e.g. 6th- or 7th-generation Intel Core i5 which is not officially capable to run Win 11, with Linux Mint or Ubuntu as suggested. Those laptop are pretty cheap as companies are starting to replace them. Business laptops are usually better built and easier to replace parts.

Use this Linux system only for crypto coin stuff, not as a daily driver. Limit its exposure to everyday Internet stuff.

With that you could keep your current system and do your daily Internet shit on it (Internet shit is not necessarily meant negatively, it's just what people do day in, day out; your daily stuff should be kept away from your crypto stuff, though). Try to make a strict separation, it usually pays off with some more security because there's less exposure.
You then wouldn't need to migrate a lot of your data. Just move all your crypto coin stuff to the new Linux gear and also think about getting a decent hardware wallet, too, even if you're on a Linux box.

I had a discussion with my friend about switching OS and he also suggested the same thing. Either Linux mint or ubuntu. If I switch the OS, I have a lot of things to do. My Computer drive has a lot of files which I have to move and rearrange everything. I don't know how secure Linux is. Since you guys suggested it, do you believe it is worth doing some work to switch the OS just because of the security reason? I heard Linux users can be targeted as well if a user is an average Joe.

This is another reason I avoid using these 2FA wallets. Multi-sig is good not just because it makes your actual electronic wallets more secure, but also because it makes your physical back ups more secure. In a proper 2-of-3 multi-sig, an attacker needs to compromise two separate back ups to be able to access your wallets, which should be exponentially harder for them than accessing a single back up, and hopefully you have an arrangement where if one back up is accessed you will be aware of this and can take steps to move your coins to a new wallet. With Electrum 2FA wallets, this is completely lost, and your back ups are no more secure than that of a regular single sig wallet, since all the necessary keys can be derived from a single seed phrase.

It is even better to have your wallet on a single device than two devices. If you have desktop Electrum, no point to also have it on mobile as that will reduce its security. So you are correct.

As for the pin, that is not that necessary as it does just the work of desktop Electrum password which is also needed for making transaction, checking seed phrase and private keys. If you use a strong password on your Electrum, you are good if not known to people. What that just make the pin unique is that it is different from the password, but if you are careful while entering your password and making sure no one is spying to know your password, you are good.

Not like the 2FA on those centralized exchanges, you have nothing to lose and you have no KYC verification to make. You can disable it just as hosseinimr93 posted already. Electrum 2FA is 2-of-3 multisig. You have 2 private keys and 3 public keys. One if the private keys is with TrustedCoin. You need 2 private keys for signing transaction, 1 from TrustedCoin and the other from one of the 2 private keys with you. If you disable 2FA, you will be able to use your first and second private key to sign transaction. People that choose to disable the 2FA are people that lost their 2FA device due to carelessness, or maybe you do not want to pay the TrustedCoin fee for signing transaction from their server.

It is worth knowing that 2-of-3 multisig is of higher fee than single sig and single pubkey wallet in addition to the fee of the 2FA wallet which is 2-of-3 multisig.

I also don't like electrum 2FA wallet as it charges extra fee. But note that even if you use electrum 2FA wallet, you will still have full control over your fund and there won't be any trouble if you keep your seed phrase safely. Two of master private keys and all three master public keys can be derived from seed phrase of a 2FA wallet and if you have the seed phrase, you can disable 2FA at any time.

Okay. I got it. I did not install Electrum on my mobile device as I install many apps from unknown sources which may contain malware or viruses. Even though I check what permission that app asks for, still I don't want to install it on my Android as it's more vulnerable. As o_e_l_e_O mentioned, I also do not like enabling 2FA with 3rd party as it charges more fees and who knows, they may cause trouble sometimes.

It is referred to as a passphrase extensively throughout the Electrum code. For example, here is where the prompt is defined:

https://github.com/spesmilo/electrum/blob/f4f88f42942e7cc3d4bc67ba4fa8a24bbb996e83/electrum/base_wizard.py#L494-L498

And here is where the passphrase is combined with the seed phrase:

https://github.com/spesmilo/electrum/blob/f4f88f42942e7cc3d4bc67ba4fa8a24bbb996e83/electrum/mnemonic.py#L169-L174

It is common practice to use the term passphrase to refer to seed extension words, regardless of which wallet or derivation scheme is being used.

Correct. But this is completely off-topic and you are derailing this interesting thread. No one is comparing BIP39 seed phrase and Electrum seed phrase. While referring to HD wallet, seed phrase is the extended word. This is about HD wallet, not the difference between BIP39 seed phrase and Electrum seed phrase.

Electrum wallet does not use BIP39!

Electrum wallet seed version system

https://github.com/bitcoinbook/bitcoinbook/blob/develop/ch05.asciidoc#mnemonic_passphrase

If you use different custom words for two wallets, you will have two different wallets. They are not a same wallet with same receiving addresses.
If you create the wallet with Electrum mnemonic seed and you import it, if you choose BIP39, it will show Checksum failed.

@tranthidung

Z-tight is absolutely correct. Passphrase is the extended word. From his previous posts and our discussion, it is clear that he meant passphrase (extended word) which he called it.

Passphrase can be regarded as password, and also as the BIP38 encryption password. But Z-tight is definitely correct. In this discussion, it is clear that passphrase is not password. While referring to seed phrase, passphrase is the extended word.

No, i am not!
Passphrase, custom words, 13th or 25th word, seed extension, etc, they all mean the same thing, and since passphrases are a bip39 standard, then it is the appropriate word to use as defined there:   https://github.com/bitcoin/bips/blob/master/bip-0039.mediawiki#From_mnemonic_to_seed

Above all you are confusing yourself. Password and passphrase.

Wallet passphrase is only used in Bitcoin Core but it is a password. The wallet passphrase is to lock and unlock your Bitcoin Core wallet.
Bitcoin Core, walletpassphrase command

In Electrum wallet, nothing is called as wallet passphrase. What you implied with wallet passphrase is indeed extended words. When you create a wallet with Electrum software, if you click on Options, you will see "Extend this seed with custom words". Nothing is called as wallet passphrase like you described.

The password is to protect your wallet file.
"Choose a password to encrypt your wallet keys.
Leave this field empty if you want to disable encryption"

Please check it yourself. I am on topic and correcting you because we are discussing about Electrum wallet, not Bitcoin Core wallet.

I don't think you read my post correctly. I wasn't talking about a password but a passphrase, which is another layer of protection that works by extending the seed phrase and adds more protection to your funds, because if an attacker gets your seed phrase, they won't be able to steal your funds without the passphrase.
Yet again i wasn't talking about a password, and if you have a very strong passphrase and your seed phrase is stolen, it is very difficult for an attacker to brute force your passphrase, so your funds would not be stolen.
When you extend your seed phrase with a passphrase, a new wallet is created or generated and to open this wallet you must use the combination of your seed phrase + passphrase, but with just your seed phrase only your base wallet will be opened, and you can call it a 'dummy' wallet because it can be used to set up a situation of plausible deniability.

It is right.

It is inaccurate.

Seed phrase is seed phrase and its security depends on the BIP (Bitcoin Improvement Proposal) used to create it. It does not depends on the password to protect the wallet file created by that seed phrase. A wallet password is used to protect the file and you must differentiate two things: cracking the seed phrase is different than crack the wallet password.

It is true that if the hacker only can not hack the wallet password and can not have your seed phrase, your bitcoin will not be stolen. If the hacker can get your wallet password or your seed phrase, it's done, your bitcoin will be stolen.

but
A wallet with a password is not called as a dummy wallet, dummy means empty. You can use different passwords (like 3 different passwords) for 3 different wallet files with a same seed phrase but all of three wallets are not dummy.

Also it would be requested for when you want to check your seed phrase and private keys. But you can no more see the private keys of your addresses on mobile Electrum anymore in the recent updates.

On Electrum, you can be able to see the seed phrase together with the passphrase. Malware like screen scraping malware would be enough to steal both seed phrase and passphrase.

On Bluewallet, the passphrase is not with the seed phrase, maybe that will not be possible on Bluewallet.

For offline attack, a strong passphrase is enough.

---

There is nothing better more than to avoid malware.

This pin will only protect you from an attack on your local wallet file, it won't protect you if an attacker knows your seed phrase or your private keys. If an attacker has your seed phrase, they will steal your funds by importing your wallet on their own device and spend the funds, setting up a pin for payment can't protect you from that.

A passphrase is most appropriate if you want to add more security to your seed phrase, this will allow you have a 'dummy' wallet and another wallet that is protected by a passphrase, so even if your seed phrase is exposed to an attacker, they can't steal your funds without the passphrase.

I did, haha, but the typo is appropriate. Windows is a problem.

Yes. You can set up a 2FA in Electrum, in which case you require the authorization of a third party called TrustedCoin in order to make a transaction. You will need a 2FA authenticator app on a separate device to your wallet. In addition to paying a higher transaction fee because your transactions are larger since they are now a 2-of-3 multi-sig instead of a regular single sig, you also have to pay a fee to TrustedCoin for co-signing every transaction that you make.

I dislike this solution because I dislike involving third parties in my wallets, and I definitely don't want to pay them a fee for being involved in my wallets. If you want the security of a multi-sig, then you can set up a multi-sig yourself using multiple devices.

Agbe is referring to a feature which is available on the mobile version of electrum.
In the mobile version of electrum, you can set a pin code which is a 6 digit number and will be asked from you every time you want to make a transaction. That's different from the 2FA code in the 2FA wallet that is provided by a third party called trustedcoin.

I guess I heard about this before. Did you mean Windows Program? I have to move all my stuff to a separate SSD in case I mess with setting up the new OS. I am too lazy to do these things, and I fear my laziness might cost me a considerable loss. I will have to see some youtube videos regarding how I can run Windows programs in Linux. I was aware of this, but my brain was turned off for some reason.

My wallet is already encrypted and needs a password to make a transaction. I don't remember if I have seen the pin thing. Is the 3rd party 2fa thing available in Electrum, which may cost extra transaction fees?

Thanks for the security tip. I will keep that in mind.

Electrum is a non custodial wallet which is also decentralized, so it is very hard for unknown hacker to hack your wallet unless the hacker knows yours wallet details. Therefore, the best way for you to secure your Electrum wallet is to keep your password, seed phrase away from sight of people and you don't have to tell people about it. Securing your wallet is your personal issue mostly if you have big amount of funds inside.
You can still on the pin for payment so that whenever you are doing transaction it will request the pin before you click the pay button. And if the person only know your password and seed phrase, he can't transfer your coins without the pin.

Security advise #1: don't show off the amount of coins you have, regardless of the amount, as there's no need for. The higher the disclosed amount is, the more reckless it would be. (I have intentionally removed the number in your cited text but it's now public and cited by someone else anyway.)



Security advise #2: o_e_l_e_o already mentioned the very importance to verify the downloaded files of Electrum or any other wallet software. Never skip this! (Refuse to use Google or other engine search to find the download as fake Electrum copies pay to be on top of search results!)

I don't update my Electrum immediately when a new version is released, unless there's an urgent security issue in the release notes. I wait some days (varies) until a new version "matures" and no issues show up. At first e.g. I didn't like all new changes in the v4.4.x branch, but it's no solution to deny and stay on v4.3.4, so I accepted the new features and life goes on.

By no means complete, a lot of good suggestions have already been given.

For people moving from Windows, I usually suggest Linux Mint as a starting point. It is (as far as I am aware) the Linux distro with the most similar look and feel to Windows, so it eases the transition. It is also fairly newbie friendly and has a good amount of guides and troubleshooting online, as well as a good sized community which will help with any problems you might run in to.

In terms of software, then there are four options available to you if your particularly piece of software won't run on Linux -

• Find an alternative piece of software which does run on Linux (bonus here is the alternatively will probably be FOSS)
• Use Wine to run Windows programs inside Linux
• Dual boot, although doing this means you still end up with Windows on your device and you lose a lot of the benefits of moving to a Linux OS
• Have one Linux machine, and one Windows machine

Thanks, everyone for the suggestions!
I will make sure to use a new OS or a fresh OS to create a new wallet.
I understand that using a malware-affected computer and creating another wallet on the same device is useless.
I am using Windows 10 at this moment. I wanted to move to Linux but I never used it.
I am not sure if I will understand the new interface. Moreover, I am afraid of losing my current files and software that are available.
I don't know if I will be able to find this software for Linux.


Once again, Thanks, everyone!

If it is phone, do not leave huge amount of money on mobile wallets.

If you have high amount, go for airgapped option or hardware wallet. If you want to leave it untouched, you can use a paper wallet that is created on HD wallet like Electrum with passphrase recommended. Backup the passphrase and seed phrase differently in different locations.

For the low amount you have on your phone, you can still avoid malware. I am using Android  as example, but likely you will be able to do this on your iOS devices.

After formating your phone, go to Playstore -> settings -> network preferences and set app download preference to 'ask me everytime.

 

Always make sure that other apps are not allowed to install apps. Assuming you have just downloaded Electrum from https://electrum.org, you give the browser/app the permission to install app from unknown source. After you install Electrum, go to settings and disable back the browser to install from unknown source. Check other apps and browsers too to uncheck the ones that are checked to install from unknown source.

Make use of good browsers like Tor, Duckduckgo mobile (not the desktop version in beta, although not about this discussion) or Firefox. Use ad blocker, but still always avoid ads and link ads.

Visit the correct URL and avoid torrent files.

If you have another mobile device, you can go for Electrum 2FA wallet or multisig wallet. Electrum 2FA wallet has extra fee.

I have been somehow compromised lately. Here is the topic if you feel like checking it: https://bitcointalksearch.org/topic/i-thought-i-would-never-get-hacked-5461230

There is no way to tell if your wallet is compromised.

If you have second thoughts for some reason, I suggest you take immediate action sending your funds to another wallet that you own. Personally I also performed a factory reset on my phone.

If the device is airgapped, it will not connect to the internet. Bluetooth and WiFi card removed. Open source OS like Linux is recommended.

The purpose of having a watch-only wallet is not because you do not want to be opening the wallet on an airgapped device often. If you properly setup up the airgapped wallet, it is airgapped and safe.

The purpose of watch-only wallet is to for making PSBT (unsigned transaction), broadcasting transaction signed on an airgapped device and to easily know the total amount of your coins. For making transaction, you need to open the airgapped wallet and it will receive the unsigned transaction and sign it.

If 0.04 BTC is a good investment for you and you are skeptical or afraid, then I suggest that you read a little about how Bitcoin works and the basics of creating an airgapped system. It may be appropriate for you to buy a hardware wallet according to your budget, but without creating a new wallet in an environment that did not and will not connect to the Internet, or at least it is safe ( An open source OS, you do not download applications of unknown sources or randomly click on links) you will not get rid of these doubts.

creating a watchonly wallet would be a better option instead of reopening your wallet from time to time.

The story of 165K ETH may not be true, and Julerz coins had stolen because of malware, as the coins were stolen as soon as the wallet was opened, so the hackers might not have waited until the new BIG transfer happen.

Again, when you open your wallet, you are not "logging in" to anything. You are simply accessing the private keys and their derived addresses which are already stored on your computer.

And most importantly, verify your download before you install it. [GUIDE] How to Safely Download and Verify Electrum [Guide]

There is no vulnerability in the version of electum which is used by OP and it's not that the new version is more secure than that.
Usually, the new versions are released due to some improvements that have nothing to do with security of the wallet.

First things first, you are worried about the security of your wallet, but at the same time you are ok to use the previous version of the Electrum and not want to upgrade it. Do you know that every new version comes with some sort of security enhancement or at least remove any vulnerabilities found in the previous version.

Yes, if the computer is malware effected, or you share your seed with anyone, you may lose your funds but do the basis first.

Latest Electrum version is Electrum-4.4.5 which was released on June 20, 2023. Download it ASAP if you haven't done already.

Right. So, assuming you do not fully trust your current device (PC, smartphone, etc.) and want to take a step further to secure your wallet, it is best to follow hosseinimr93's suggestion and create your new wallet on an air-gapped device.

Probably the simplest method is to download a copy of Tails portable OS from the official source, prepare a freshly formatted USB drive, and create a bootable version on it. Turn off your computer, disconnect it from the Internet, and start the Tails OS from the USB drive. Electrum wallet comes already pre-installed and you can proceed with creating your new wallet. Write the backup seed phrase on a piece of paper that you will keep in a safe place and copy the xPub key to a USB that you will later use on your live device (PC or mobile) to create a watch-only wallet. This way, you can be pretty sure that your new wallet won't be compromised, as long as the backup seed is safe and protected from access by anyone but you. This type of wallet is good for long-term hodl, assuming you are not ready to invest in buying a hardware wallet.

If you are going to create the new wallet in the same device and in the same way, it would be as secure as the wallet you are now using an you wouldn't really increase your security. 
After some time, you will probably worry about the security of your wallet again and you will think of creating another wallet.

If you want to be completely secure, you should create your wallet on an air-gapped device or go for a hardware wallet.

Ok. The explanations make sense.
Now I understand. Electrum is just a software wallet, and it does not contain any user info.
Moreover, there is no guarantee that a hacker will use Electrum to log in to this wallet.
So, there is no way Electrum can collect that information.

Thanks for the explanation guys.

I have around 0.0x BTC sitting in my wallet at a couple of addresses. Since it wasn't wiped, I guess it's not compromised yet.
But I will create another wallet and move my funds for further security.

There are a few posts that deserve some merits. But I am run out of sMerits.
I hope you guys will evaluate them.

There's no point in repeating the previous replies.

My post is merely pointing that there's something like a feature request for Electrum development.
As my post implies (the bolded part), he should consider the previous posts before deciding to do so.

There is not point in doing so because bitcoin is not stored on a wallet, it is stored on Blockchain. Also because the wallets are locally created. If I am a hacker, I can prefer not to use Electrum at all. He should just not bother himself to report what is not because it is what that can not be done.

You are fundamentally misunderstanding how bitcoin works.

Electrum does not "connect" to a wallet. Indeed, there are no wallets to connect to at all (outside of centralized exchanges in which someone else is holding your coins for you, but even then you are simply connecting to this third party and not to some wallet on the blockchain). Your wallet is simply a collection of your private keys. Your private keys are used to unlock certain addresses and allow you to move the bitcoin on those addresses. The bitcoin itself is not in your wallet - it is on the blockchain. All you have on your computer is a collection of private keys.

Now, if I've managed to access your seed phrase, then I can regenerate those exact same private keys and have them on my computer. How could your computer possibly know if my computer, or if any other computer in the entire world, also holds those same private keys? Think of it like this: You've created an encrypted file which is storing some sensitive data. You set up an alert on your computer to notify you every time that file is decrypted, so you know if anyone else is opening it. However, I plant some malware on your computer which copies this file and sends it to me. I can now decrypt it and open it on my computer, read all the contents, and your alert system would be none the wiser.

Correct. The solution to this is to have good security in the first place, usually by using a hardware wallet or an airgapped device. If you are ever concerned your wallets might be compromised, then set up new secure wallets and transfer all your funds.

As explained, this is not possible because there is no wallet to log in to in the first place. There is simply a collection of private keys stored on your computer.

Feature request are welcome in the official GitHub repository, you can post them as new issue with "Feature Request" in the title.
Link: https://github.com/spesmilo/electrum/issues

But before you do so, please consider the replies in this thread.
The developers are quite piled with work, closing and replying to unnecessary issues will add up to their workload.

Using Electrum wallet means you are using a non custodial wallet so you are fully responsible for your wallet mnemonic seeds, keys and wallet password. If you lose them, you lose bitcoins.

You can consider to set up Electrum multi signature wallet with like 2/3 cosigners and three cosigners should be in three different devices. Chance to see 2 or 3 cosigners compromised together is very slim.

You can set up Electrum cold storage wallet too.
Creating a multisig wallet
Creating a cold storage wallet.

Reliable or not, wallet softwares can have flaws including Electrum. If you use any wallet as a hot wallet, single signature, risk will be higher.

Hackers don't definitely use electrum.
If we have to get your idea workable and in sync with all existing or future wallet apps, first the feature has to be built in the blockchain protocol and one day bitcoin could really not work in some places. It violates the concept of decentralization.

It seems that you do not have a good understanding of how the Electrum wallet, or cryptocurrencies in general, work.

Think of your Electrum wallet as the front door of your house, and you have installed a fancy, state-of-the-art electronic lock or alarm system to secure it. Now, if a burglar manages to get into your house through the back door or an open window, would you really blame the electronic lock on the front door? It is kind of the same with cryptocurrencies – the wallet provides security for what it is responsible for, but there are other factors that can come into play when it comes to overall security.

The first thing you need to understand is that your funds are not actually in your Electrum wallet but on the blockchain. The blockchain is public and accessible to everyone, but the only way to access your coins is with a private key. The Electrum wallet provides you access to manage your coins because it keeps the private keys saved and secured on your device. However, the Electrum wallet has no way of knowing if someone else has access to the same private keys and whether your wallet has already been compromised. For example, you wrote down the backup seed phrase on paper when creating the wallet, right? How will your Electrum wallet know if you intentionally or unintentionally exposed the seed to third parties?

You have already been told that if this is possible, all it will give you is a sense of false security, so why don't you ask more about the things that can give you real security of your funds. You cannot know if your seed phrase or private keys has been used to import your wallet into another device, and Electrum or any other wallet cannot help you with that, whoever has the seed phrase and can prove ownership of the funds through the keys is considered the 'owner' of the funds.

Forget about whatever will give you a false sense of security and buy a hardware wallet or run your Electrum wallet on an air-gapped device, you should also make backups of your seed phrase in more than one secure location. To add more security, you should add a passphrase and have a backup of it in a different location from your seed phrase, or use a multi-sig set up if you know how to do it.

As I said in my previous post, that's not possible.
When you import your seed phrase, your addresses are derived from your seed phrase locally on your device and you can do that even without internet connection. So, it's not possible to implement your suggestion. Also, note that if your wallet is compromised, it's possible that the hacker imports your private key to any other wallet and it's not that the hacker has to use electrum.

Okay. If Electrum cannot detect how many devices are connected to this wallet and when this account was accessed last, then I have nothing to say. But, I believe you will find my point convincing, or maybe not.

Suppose my wallet is already compromised for whatever reason, but it does not have a balance. The hacker will wait until a new deposit comes up.
If I can check that my wallet was logged in from another device or, say, from a different IP, I simply won't deposit to this wallet, and I will be able to escape the hacker. The case I mentioned in the OP was similar. The amount was wiped right after he made a deposit.

Since the wallet is noncustodial and does not collect user info, I don't know if it's possible.
But it would be great if Electrum could detect how many devices are connected to the same wallet.

Surely this user use metamask or trustwallet to hold his ETH so he experienced is irrelevant to electrum while Julerz cases is probably due to malware since he do something on his computer before his wallet got compromised. Probably compromised electrum wallet installer.


This is not possible including the request on this feature since electrum is a non custodial which means they don’t stored user information to their database. We are on our own to protect our assets here.

Such a feature is possible, but completely meaningless. Allow me to explain.

Your wallet contains your private keys, derived from your seed phrase. If your seed phrase or your private keys are leaked, they usually aren't leaked because someone else opened your wallet file, but because your seed phrase was stored insecurely, or there was some malware on your computer that accessed your private keys when you unlocked your wallet, or you imported your seed phrase/private keys in to another less secure wallet or an outright malicious wallet, or you entered your seed phrase/private keys on to a website, and so on. In these cases, any feature which shows the last time you opened your wallet would be completely meaningless and provide only a false sense of security. It would only show the times you had accessed your wallet (which you obviously know about), and would not be able to tell you that your seed phrase/private keys had leaked via other methods.

If you leaked your seed phrase via malware and I had access to it, for example, I could import it to a copy of Electrum on my computer and open your wallet. I could then do anything I wanted, from simply waiting for you to deposit more, to sweeping all your funds at any time. The whole time I have access to your wallet, your local copy of Electrum will happily show you that no one else is logging in to your local copy of Electrum, and it is completely impossible for it to know anything about my copy of Electrum which is also accessing your wallet.

Electrum itself is secure. It's open source. The code has been reviewed by many people and we can be sure that there's no vulnerability in electrum.


This doesn't mean electrum isn't safe. Any online device is prone to hacking and that's not electrum's fault.


No. If your wallet is compromised, you will find that out, when it's too late.


That's not possible at all. Take note that your wallet isn't like an account on a centralized service which you login to that.

No, until it is too late.

It would only be a false sense of security.

If a wallet has been compromised, it will not take more than some seconds to few minutes that the hackers will send the coin to his own address.

For high amount of coins, just be more secure about it. There are more secure ways to follow like offline wallets if setup properly. Or hardware wallet if reputed and open source. Or multisig wallet if setup properly.

Hi guys!
Currently, I am using Electrum 4.3.4, which is not the latest one. But I am okay with it.
Today I saw a thread in the scam accusation board where a guy claims $165K ETH was wiped from his wallet. I don't know what wallet he was using. I have read similar cases in this forum. A campaign manager named Julerz was hacked, and he used Electrum then. I am afraid about it. Even though I never keep my private key online, is there any way I can check if my wallet is already compromised or not? Is there any wallet that shows login logs? Do you guys believe we can request such a feature from some wallet providers, and do you think they may consider it? I don't know if Electrum has such a feature or not.

I appreciate community feedback about it. Is there any way we can request such a feature from Electrum, as it's the most reliable software wallet at this moment?