Topic: Do and Don't for Electrum Wallet - page 2. (Read 557 times)

I cannot say that you are absolutely right about storing your coins on centralized exchanges like Binance. In my opinion, everything has its pros and cons, nothing is 100% perfect. So far, Binance is safe and there have not been any cases of asset hacks like the case of julerz12 has encountered but I've also seen a few cases where users were unexpectedly locked out of their accounts by Binance. Binance still handles those cases and users almost always get their accounts back, but it took us a long time. If we store it on a non-custodial wallet, we have full control of the assets but face the risks that julerz12 has taken. Risks are everywhere.

Play stupid games, win stupid prizes.

It is trivial to set up most hardware wallets to work via Electrum's GUI, so the only additional hurdle for you to access your coins is plugging in your hardware wallet and entering its PIN/passcode/etc. This is such a trivial step for the extra security that a hardware wallet brings you, that it really is just plain stupid to own a hardware wallet but not use it, especially when talking about other people's money.

Exactly this. The only "flaw" in Electrum was it allowed servers to display arbitrary text to clients which connected to them. It was entirely the fault of the users who followed random links shown to them, downloaded malicious software, did not verify it like they should have, and then installed and used it, all without ever performing basic common sense checks. Electrum was no more at fault here than a web browser would be if you used that web browser to visit a phishing site.

It wasn't hacked, someone made a fake page and people were foolish to download the trojan from there... And there was also an incident of server spamming links, you could perfectly ignore. "Click here to download the new version", classical bait...

When I discovered that Electrum had been hacked a few years ago, I began using the Ledger hardware wallet. Even use Electrum to make multiple transactions by connecting ledger, which was not possible with Ledger live. Also I did not update the software on my Electrum. I went to the website and reinstalled from there. To avoid losses, it is preferable to use a hardware wallet. Hackers are very smart nowadays, and we must be as well.

Don't use Windows is a good first step. I wish they dropped the windows binary, but it can only make things worse (unofficial compiles).

People love blaming wallets when its their OS that got a trojan or whatever that passes screenshots and keypresses to others. Linux is not perfect, but its a solid step in the right direction. You could use OpenBSD if you are more paranoid or some enhanced security Linux distro; perhaps using TOR, etc. Besides money should not be handled in the same machine you are playing games or watching random web pages...

There is also the problem of: what if this has been staged? It was mentioned in the linked thread. If that amount is a lot in the Philippines, i cannot tell you what you can do in my country. A "famous" Mexican youtuber bought a house near the beach with that exact amount for his local girlfriend... State caused hyperinflation does weird things to the economy. I even know some people who emigrated to the Philippines from here at the other side of the world and found a much better life simply because the economy is less strangled (as much as a Filipino may find this distressing).

Anyway if you are handling the money of others, you have no excuses. NO WINDOWS and a lot of security measures. Sure, add a hardware wallet if you feel like it. The reason these wallets are hot is because they are like wages that are paid in a fixed frequency like every week or so. Handling the money of others is a big responsibility, you are like a little bank for others and you can be targeted for that.

Once again people want to FUD Electrum, its like when they FUD Bitcoin because FTX failed, when one thing has nothing to do with the other.

Hot wallets are vulnerable but more vulnerable is the OS you are running them on, and the network this is connected to, etc, etc.

It's really a big deal when something like this happens, and it's always an individual issue so we do not know if there is a general problem and what not. I have to say Binance is more secure than most of these, and people do not see it. I understand the logic behind it, you just do not trust someone else holding your money, I get it.

But, how many people lost their money on Binance, and how many did it when it was on their wallet? There are a lot more people who fail to do proper security on electrum and get "hacked" whereas Binance will keep your money safe, and with 2fa it is near impossible to get hacked as well which shows how great it is.

Yes, dear Julerz12 recent incident with the Yomix funds in the Electrum wallet made me think again that Hot wallets are more vulnerable than i was assumed. But im not sure about his case because the evidence shows the mistakes on the Julerz side, not on the electrum wallet issues. Still, I use to endorse that hot wallets are not at all good for holding especially for long-run holdings.

He has installed an anti virus on his computer but it doesn't work well to prevent viruses, maybe some variant of virus attack is not detected on anti virus and works behind the scenes to catch wallet access, but switching to linux operating system is better to avoid various virus attacks, hopefully no one has the same case and we have to protect the security of the wallet at all times.

I agree with your opinion and your way of using PC. But actually nothing is really safe even though you have taken the security steps properly and correctly. I've also used electrum for a while and I don't think it's too risky to use as storage either, but the risks are there although we're pretty sure it's safe.

In the case raised by the OP, it appears that the user has made mistake he may not have been aware of including installing the wallet on PC already infected with malware. It was his fault, but someone would still accuse him of stealing funds instead of simply believing his wallet was hacked. Electrum is fine, and in most cases it is user error.

I went through the thread, and it seems to me that it's unclear whether the manager got hacked (although I tend to believe people), and how exactly that happened (I suppose o_e_l_e_o is right about malware).
In another situation, it could be someone who has access to the person's laptop simply accessing it and taking the money, or hypothetically some sort of virus. Given that Electrum doesn't require you to type in the passphrase each time and, if you didn't set up a password, doesn't even require one to open the wallet (or a password could be weak/ a phone could be nearby if it's a 2FA).
So yes, there are always risks if something isn't done right, but it's not a weakness of Electrum itself.

I don't think he installed a rogue app, maybe his computer is infected with a virus because he doesn't use any anti-virus software. While it may not be able to completely prevent all viruses, it will work for some. I have seen that he has switched to Linux, which should be better for him; in the end, this is the user's fault, not the wallet's.

All the cases that happened to Electrum were due to user error from inaccuracy or carelessness in the management of seed phrases, if someone blames the wallet application then all the current user funds have been in trouble because hackers will target theft from the highest fund wallet, so the latest case that happened to julerz will be be a valuable experience for all of us to increase the security factor and update any information from the official web.

On the other hand, I always download the latest version of Electrum to use and so far I haven't had any problems with either the old or new versions of Electrum. I have also read about his unfortunate incident, what the real cause is only he knows best, but I dare say it was his fault and not Electrum's. Electrum is arguably the most popular hot wallet in use to date, just because of a few cases of attacks we assume it's the wallet's fault. That is not correct, all attacks are largely due to user behavior.

I also read the incident that happened to @Julerz, if you look at it there was also negligence and Julerz was very complacent with the cold wallet, but I'm not saying that the cold wallet is dangerous. Because I have been using Electrum for 4 years and so far so good I have not experienced anything bad with it. Even though I haven't updated my electrum as he did, the hacker didn't get into it like what happened to him.

Because I have a backup of my seed phrase and private key in one of my USBs, and no one else knows right now what I have saved which are important pass keys, private keys, and so on.

Security is the first priority when you are going to invest in bitcoin. This is about your money, so just buy a ledger, spend money on it and in the end it will be much cheaper than if you lost everything that you store on your PC.

I understand that it is much easier to install electrum, it does not require any additional costs and at first it seems to be quite a reliable way. Electrum can also be used sometimes it's really convenient, but in that case it's worth keeping only a small amount, maybe only a few hundred dollars, so in case of theft it will not have a big impact on you.

They don't know such wallet exist or might not now where to buy them. Also these people are newbies when it comes to protecting their crypto assets from hackers. Most of them are like that and they are also not aware of this community where they can learn all they need to prevent themselves from getting hacked.

because in my opinion, people make shit. Most of these are fucking made up. Don't take too serious into it. Just like the 200BTC luke thing.

There's no security flaws on Electrum wallet, because if there's a security flaws many users will lost their funds and don't forget Electrum is open source, so anyone with high technical knowledge and experienced will report to Electrum's github.

If there's someone access his PC, it mean there's no hack because he just take over the PC and move all of the money without Julerz12 knowing. Hack is where someone use a malicious code or file without touching directly the user's PC.

@Julerz12,  Hacking of this manager's Electrum wallet is really surprising because the hacker hacked the escrow dollars of two of his signature campaigns.  On the other hand, the security system of Electrum wallet has been questioned.
We know the @Julerz12 manager very well, it's not like an honest manager like him can't handle the lure of just $5000.  I think maybe someone hacked his PC in his absence or hacked his PC line server and then took access to his PC.
For example a few days ago a bitcoin developer hacked 200 BTC with access to offline wallet of @lukedashjr.  This happened very miraculously as many might be wondering how a hardware/offline wallet is hacked.  Actually the incident happened differently, the hacker first hacked his home PC server line and later took access to his hardware wallet from the PC line.  Then a Bitcoin developer 200 BTC thus coincidentally falls into the hands of hackers.  In this case the security system of hardware wallet can never be responsible.

Do/Don't do This

1.Check your home server line security system thoroughly.
2. You should never download a software wallet from a phishing website.
3.You should not save your wallet's Backup key, Password, Seedphase etc. here and there.  Write down a security detail in a notebook or diary and keep it in a secret place.
4.If you are not at home i.e. not near your PC/mobile, close it and lock it in a secret place.  It is also possible that someone steals your device password and gains access to your wallet in your absence.
5. Don't leave your webcam on while the PC is online.
6. You should not connect wallet to any unknown website especially during airdrops / Bounty.  This will make your wallet more likely to get hacked.

There is nothing wrong with the Electrum wallet, it is safe and it varies how you will use it.
The vulnerabilities of using a software wallet are always there, and carelessness could be one reason that you perhaps get hacked, Electrum for a hot wallet could be fine but if you want more security level go for a Hardware wallet, after using it connecting to the device leaves nothing traces. This is a common problem for us upon keeping our coin, we want more convenience to use than the security level of our wallet.

---

A big amount should be on a hardware wallet, even malware hacks cannot be penetrated.
Lastly, always download it from the official website of Electrum and verify.