Do and Don't for Electrum Wallet - page 3.

mk4

legendary

Activity: 2716

Merit: 3817

🪸 NotYourKeys.org 🪸

Quote from: NotATether on January 11, 2023, 04:03:30 PM

Some people live in repressive environments where a hardware wallet cannot be brought or even smuggled in without seizure. Not on a country level, but at a community level. So software-based airgapped wallets like Sparrow wallet server provide necessary stealth for them.

Yea of course it will vary from person to person, but most people definitely have access to hardware wallets — they just don't want to put in the effort because software wallets are simply better UX.

As for people in countries with crypto banned, yea it's going to be tough.

darkangel11

legendary

Activity: 2296

Merit: 1335

Defend Bitcoin and its PoW: bitcoincleanup.com

I've been running Electrum for many years. I don't always keep it updated because I find downloading and checking each update pretty troublesome, but in a way I'm a living proof that it's not the lack of updates that puts your coins at risk. If you have an older version that works for you and that was proven to have no bugs, there's no need to keep downloading new files and updating the wallet. The important part is what you use your computer for. I don't use it at all. I mean I have it on from time to time but I don't install anything and don't use it to check my email or anything.

Think of the Internet like a dirty bathroom. Don't touch anything suspicious looking and wash your hands every time Wink

I'm sure the loss happened because OP stole the money or had malware on his computer, not because Electrum is compromised.

South Park

hero member

Activity: 2856

Merit: 794

I am terrible at Fantasy Football!!!

Quote from: PrivacyG on January 11, 2023, 01:04:14 PM

One thing I always recommend. Separate your activities in multiple computers. Have a computer dedicated for Cryptocurrency and a separate computer for the rest. This way, you avoid theft of your Coins if you have the awfully bad habit of randomly clicking and installing stuff on your main computer.

Think of it like your Fiat wallet and your Savings account or your safe if you have one. You separate the valuable from the less valuable because the latter is more prone to theft. Unless you are an expert in digital security and storage, do not pretend you know best. Even as an expert, it would be great if you still understand and be conscious of risk.

-
Regards,
PrivacyG

Agreed, and this is not that difficult, it is not that rare to have an old laptop which you can use as your cold storage and install Linux there which is much safer than Windows, now if someone wants to use Windows because they really like it, they need a piece of software that only runs there or for other reasons, they can use it if they want, but you must never put any kind of sensitive data there as the risk of losing that information is too high.

BitDane

sr. member

Activity: 1372

Merit: 348

Quote from: virasog on January 11, 2023, 10:12:27 AM

If you read this post, I've been hacked (Electrum 4.3.2), you will find that person lost his funds because he did not protect his wallet properly.

I believe one of the major flaw on the system of the person that was hacked while using the electrum 4.3.2 is lack of a good antivirus software. All he has is the window defender which the person found out that it does not do anything. With good anti-virus at least some known malware and viruses can be detected and deleted or quarantined before it infect our pc system.

Quote from: virasog on January 11, 2023, 10:12:27 AM

I would like people to tell and discuss that after installing Electrum wallet on the computer, what additional steps they should take so that there are minimal chances of their funds being hacked by the intruders and hackers.

Not only after installing but make sure that our system is free from any infection of malware or trojan before installing electrum wallet. Always verify the application by checking the app signature.

NotATether

legendary

Activity: 1568

Merit: 6660

bitcoincleanup.com / bitmixlist.org

Quote from: mk4 on January 11, 2023, 10:23:19 AM

I don't got why like a huge majority of bitcoin/crypto holders wouldn't just buy a Ledger/Trezor. If they just use a reputable hardware wallet and just keep the backup offline, that's pretty secure enough for long-term holding. But nooo, most people wouldn't want to pay a measly <$100 for security.

Some people live in repressive environments where a hardware wallet cannot be brought or even smuggled in without seizure. Not on a country level, but at a community level. So software-based airgapped wallets like Sparrow wallet server provide necessary stealth for them.

panganib999

hero member

Activity: 1694

Merit: 589

Quote from: mk4 on January 11, 2023, 10:23:19 AM

I don't got why like a huge majority of bitcoin/crypto holders wouldn't just buy a Ledger/Trezor. If they just use a reputable hardware wallet and just keep the backup offline, that's pretty secure enough for long-term holding. But nooo, most people wouldn't want to pay a measly <$100 for security.

I don't understand why either lmao, I mean of course there's the convenience of easy transfer and access of funds when you keep your assets on a hot wallet but that is almost always a death wish especially with how sophisticated these hackers become. There could be the notion of "fear of misplacing" these cold wallets but unless you carry your wallet with you everyday of your life instead of keeping it in a safety deposit box or a vault, you wouldn't have this problem. Also the age-old reason, "I keep forgetting". I've been an offender of this a couple times in my life. I always say I would buy a cold wallet whenever but I keep forgetting it lmao.

PrivacyG

hero member

Activity: 728

Merit: 1695

Crypto Swap Exchange

One thing I always recommend. Separate your activities in multiple computers. Have a computer dedicated for Cryptocurrency and a separate computer for the rest. This way, you avoid theft of your Coins if you have the awfully bad habit of randomly clicking and installing stuff on your main computer.

Think of it like your Fiat wallet and your Savings account or your safe if you have one. You separate the valuable from the less valuable because the latter is more prone to theft. Unless you are an expert in digital security and storage, do not pretend you know best. Even as an expert, it would be great if you still understand and be conscious of risk.

-
Regards,
PrivacyG

Charles-Tim

legendary

Activity: 1512

Merit: 4795

Quote from: UmerIdrees on January 11, 2023, 12:25:21 PM

If possible can you share with me any article or video which can explain in detail on how to set up Electrum as cold storage?

I provided a link up there: https://electrum.readthedocs.io/en/latest/coldstorage.html

But setup the cold storage on a device with newly reinstalled OS.

Quote from: UmerIdrees on January 11, 2023, 12:25:21 PM

Also, i know that I should reset the hardware wallet after purchase but i will appreciate if I know how to identify that the hardware of the wallet is altered. This way I can buy a hardware wallet Ledger from a local reseller and check for myself if its hardware is original.

Like Trezor, it comes with tamper seal. I have not gotten one yet, if I want to buy, I will do more research about it. But I hope people that have bought it here can give more ways to know original Trezor and other hardware wallet. But buying from the right place is very important.

Quote from: mk4 on January 11, 2023, 12:40:02 PM

Sure a paper wallet or an airgapped device can work just as better. But the question is — what percentage of the masses are capable of using such a setup? Definitely a very small minority for sure.

How about a paper wallet setup on wallet like Electrum? It may be hard for some people too. But people should care for their money, if they can not buy a hardware wallet, cold storage is still the safest way. A process used for making wallet on airgapped device can easily be used to setup HD paper wallet which is simpler if compared with single key paper wallet. I for example, I try all possible means to learn how to protect my coins which is the reason I knew how to. But you are right.

mk4

legendary

Activity: 2716

Merit: 3817

🪸 NotYourKeys.org 🪸

Quote from: Charles-Tim on January 11, 2023, 11:52:18 AM

Just bitcoin, for holding? A paper wallet is enough for that if it can be setup properly. Electrum on an airgapped device can be used for that as well. There is nothing safe like cold storage. Although, a hardware wallet can be used as cold storage too.

Sure a paper wallet or an airgapped device can work just as better. But the question is — what percentage of the masses are capable of using such a setup? Definitely a very small minority for sure.

UmerIdrees

hero member

Activity: 2212

Merit: 833

Quote from: Charles-Tim on January 11, 2023, 11:52:18 AM

Quote from: UmerIdrees on January 11, 2023, 11:36:28 AM

So people like me are left with the only option to use Electrum wallet (the best hot wallet so far known to me) and when we hear experienced people's wallets like julerz12 can be hacked, then what will become of ours wallet and bitcoin Huh

If you can get official reseller, it is a very good option to buy hardware wallet, but the safest are still cold storage and you can use Electrum for that as well if you can setup the cold storage properly. Also you should know how to know the original hardware wallet if you can get on from official reseller, but try and know how the original hardware looks like before buying and make sure it has the qualities after buying it and buy from the official resellers if possible.

If possible can you share with me any article or video which can explain in detail on how to set up Electrum as cold storage?

Also, i know that I should reset the hardware wallet after purchase but i will appreciate if I know how to identify that the hardware of the wallet is altered. This way I can buy a hardware wallet Ledger from a local reseller and check for myself if its hardware is original.

Lucius

legendary

Activity: 3108

Merit: 5364

Fortis Fortuna Adiuvat⚔️

Quote from: UmerIdrees on January 11, 2023, 11:36:28 AM

~snip~
So people like me are left with the only option to use Electrum wallet (the best hot wallet so far known to me) and when we hear experienced people's wallets like julerz12 can be hacked, then what will become of ours wallet and bitcoin Huh

The problem is not in Electrum or any other respectable wallet, but in the way someone uses it. Having such a hot wallet on a computer that is used to download torrents, pirated software and visit pornographic websites is a perfect recipe for some kind of disaster to happen. Regardless of one's financial situation, one must find a way to protect oneself as much as possible from all online threats, even if it means that one has to give up some of the habits one had until then.

A good AV is not something that guarantees 100% security, but it is one of the important things if you use Windows OS, because it will prevent most viruses and malware from infecting your computer, thus protecting your crypto wallet.

Charles-Tim

legendary

Activity: 1512

Merit: 4795

Quote from: mk4 on January 11, 2023, 10:23:19 AM

I don't got why like a huge majority of bitcoin/crypto holders wouldn't just buy a Ledger/Trezor. If they just use a reputable hardware wallet and just keep the backup offline, that's pretty secure enough for long-term holding. But nooo, most people wouldn't want to pay a measly <$100 for security.

Just bitcoin, for holding? A paper wallet is enough for that if it can be setup properly. Electrum on an airgapped device can be used for that as well. There is nothing safe like cold storage. Although, a hardware wallet can be used as cold storage too.

If the hack is true, what if it is a friend (and most likely someone close to him) that compromised his wallet and stole the coins? What if it is the seed phrase was seen and compromised by someone close to him like a friend?

Hardware wallet can help, but there are some other things to be known for coins not to be stolen on hardware wallet, and even cold storage, like clipboard malware.

Quote from: UmerIdrees on January 11, 2023, 11:36:28 AM

So people like me are left with the only option to use Electrum wallet (the best hot wallet so far known to me) and when we hear experienced people's wallets like julerz12 can be hacked, then what will become of ours wallet and bitcoin Huh

If you can get official reseller, it is a very good option to buy hardware wallet, but the safest are still cold storage and you can use Electrum for that as well if you can setup the cold storage properly. Also you should know how to know the original hardware wallet if you can get on from official reseller, but try and know how the original hardware looks like before buying and make sure it has the qualities after buying it and buy from the official resellers if possible.

UmerIdrees

hero member

Activity: 2212

Merit: 833

Quote from: mk4 on January 11, 2023, 10:23:19 AM

I don't got why like a huge majority of bitcoin/crypto holders wouldn't just buy a Ledger/Trezor. If they just use a reputable hardware wallet and just keep the backup offline, that's pretty secure enough for long-term holding. But nooo, most people wouldn't want to pay a measly <$100 for security.

Not that people do not want to buy Ledger or Trezor hardware wallet, but sometimes they are not allowed to buy it Angry

You may be living in a developed country but i am living in a country who are in an economic crisis. We do not have enough dollar reserves with our government and if i order this hardware wallet from the official site, i may never receive it as it will be held at customs.
Also, I would not take the risk to buy from local sellers, as we know that 3rd party sellers can manipulate the software and even the hardware of these wallets.

So people like me are left with the only option to use Electrum wallet (the best hot wallet so far known to me) and when we hear experienced people's wallets like julerz12 can be hacked, then what will become of ours wallet and bitcoin Huh

livingfree

hero member

Activity: 2758

Merit: 575

Quote from: mk4 on January 11, 2023, 10:23:19 AM

I don't got why like a huge majority of bitcoin/crypto holders wouldn't just buy a Ledger/Trezor. If they just use a reputable hardware wallet and just keep the backup offline, that's pretty secure enough for long-term holding. But nooo, most people wouldn't want to pay a measly <$100 for security.

Yeah, they find it hassle to purchase a hardware wallet because they think that it's not worth it and the price is too much. It's the easiest and yet one of the strongest way to protect your assets.

At the same time, being aware of the typical ways of keeping your wallet still has to be monitored on how you browse with the use of your computer.

If someone can't purchase a hardware wallet but has got some spare device or laptop or desktop, use that as your personal wallet for which you'll not do anything about it except using it as a wallet and at most time, it's disconnected to the web.

o_e_l_e_o

legendary

Activity: 2268

Merit: 18503

Quote from: m2017 on January 11, 2023, 10:57:09 AM

So what mistake did make julerz12 with Electrum wallet? Was the vulnerability with Electrum or with their OS/PC?

As I explained above, his computer had malware. There was no vulnerability with Electrum - he simply used it in an insecure way.

Quote from: m2017 on January 11, 2023, 10:57:09 AM

In this case, online theft is simply impossible due to the need to physically confirm any transaction.

Hardware wallets are much safer, yes, but they are not invulnerable to hacks, malware, vulnerabilities, etc. Complacency and thinking that your wallets are impossible to hack is often the first step in losing your coins.

m2017

legendary

Activity: 1764

Merit: 1282

keep walking, Johnnie

Quote from: virasog on January 11, 2023, 10:12:27 AM

If you read this post, I've been hacked (Electrum 4.3.2), you will find that person lost his funds because he did not protect his wallet properly.

I would like people to tell and discuss that after installing Electrum wallet on the computer, what additional steps they should take so that there are minimal chances of their funds being hacked by the intruders and hackers.

So what mistake did make julerz12 with Electrum wallet? Was the vulnerability with Electrum or with their OS/PC?

Probably the easiest solution to reduce the risks of Electrum wallet hacking is to buy a hardware wallet. In this case, online theft is simply impossible due to the need to physically confirm any transaction.

mk4

legendary

Activity: 2716

Merit: 3817

🪸 NotYourKeys.org 🪸

Quote from: o_e_l_e_o on January 11, 2023, 10:38:28 AM

Even more ridiculous in this case since the user owns a Ledger device, but just didn't use it.

It's the classic "I haven't been hacked yet so I won't get hacked" or "my computer is secure I won't get hacked". People being complacent because of easy-recovery on web platforms has been a very dangerous precedent.

NeuroticFish

legendary

Activity: 3500

Merit: 6205

Looking for campaign manager? Contact icopress!

Quote from: virasog on January 11, 2023, 10:12:27 AM

I would like people to tell and discuss that after installing Electrum wallet on the computer, what additional steps they should take so that there are minimal chances of their funds being hacked by the intruders and hackers.

This is very simple:
* if you have the skills and willingness to correctly set up and use a cold storage, start with that and use your live Electrum watch only, built only from the cold one's master public key.
* if you don't have those skills or just want more convenience, acquire a hardware wallet.

In both cases the backup seed doesn't have to touch any online device (and need to be backed up in multiple places).
I also recommend restoring at least once the cold storage or hardware wallet from the seed you're backing up, to make sure you indeed work with the wallet you think you're working with.
(Before using any electrum you should verify its signature, you know that, right?)

If you also really care about your privacy and you have the skills and hardware for that, you can consider setting up for yourself a bitcoin node, an electrum server and maybe a block explorer too.

o_e_l_e_o

legendary

Activity: 2268

Merit: 18503

Quote from: virasog on January 11, 2023, 10:12:27 AM

If you read this post, I've been hacked (Electrum 4.3.2), you will find that person lost his funds because he did not protect his wallet properly.

That hack had nothing to do with Electrum and everything to do with the fact the user in question was using a hot wallet on a machine which had malware on it. No wallet software can protect against that.

Quote from: virasog on January 11, 2023, 10:12:27 AM

I would like people to tell and discuss that after installing Electrum wallet on the computer, what additional steps they should take so that there are minimal chances of their funds being hacked by the intruders and hackers.

There is nothing else he could have done in regards to installing Electrum itself. The steps he should have taken include not using a terrible OS like Windows and ending up with a device full of malware, not installing spyware software such as Google Chrome, and not using a hot wallet in the first place. If you install any hot wallet on an insecure machine, then your funds are at risk.

You can use Electrum safely by setting it up as a cold wallet or as a multi-sig wallet, or you can use a hardware wallet instead. But if you are going to use it as a hot wallet, then it can only ever be as secure as the device it is installed on, which in this case was not secure at all.

Quote from: mk4 on January 11, 2023, 10:23:19 AM

I don't got why like a huge majority of bitcoin/crypto holders wouldn't just buy a Ledger/Trezor. If they just use a reputable hardware wallet and just keep the backup offline, that's pretty secure enough for long-term holding. But nooo, most people wouldn't want to pay a measly <$100 for security.

Even more ridiculous in this case since the user owns a Ledger device, but just didn't use it.

hd49728

legendary

Activity: 2044

Merit: 1018

2FA for Electrum wallet is from Trustedcoin, a third party server.

Their server can be compromised but if you own two keys, you can sign your transactions. I don't want to use 2FA from Trustedcoin.

I will use a multisig wallet 2/3 cosigners on my different devices. One key for laptop, one key for desktop and one key I only create it and backup offline. I don't store that third key on any of my device and only import it if I need to use when one of two other keys can not be used.

Topic: Do and Don't for Electrum Wallet - page 3. (Read 557 times)