Topic: Do and Don't for Electrum Wallet (Read 560 times)

The thread "I've been hacked Electrum..." must be removed or the title changed as it gives the impression that Electrum is vulnerable. How Julerz've been hacked has nothing to do with Electrum itself.
If you are looking for what to do and what not to do to keep your wallet safe then you will find an infinity of threads which will help you in your quest.
Just download it from the official website and verify its signature then follow the above suggestions and you should be fine.

That wouldn't be such a bad thing.

Well, not entirely, since whichever servers you connect to via Tails will still be able to link all the addresses in that wallet together. You can break the link between different wallets (provided you change circuits) and the link between your wallets and your IP address, but not between different addresses in the same wallet.

Do you use a centralized exchange? They have all been hacked at some point.

This is an unobtainable standard. Every piece of software in existence has bugs in it. Bitcoin itself has had a number of critical bugs, probably the worst of which resulted in 92 billion bitcoin being created out of thin air.

What's the benefit of your online wallet being on another instance of Tails, as opposed to just your usual OS? Provided your computer is clean, free from malware, and your watch only wallet is connecting exclusively to your own node, I don't see what is to be gained by using Tails for this part? I suppose the benefit comes if you are not connecting to your own node at all and are just using third party Electrum servers?

The easiest way to use electrum offline is to make two tails OS usbs. One should be offline and the other online. You should preferably have a dedicated offline computer, but if you don't, just run the offline tails os in airplane mode.

For the online wallet, use another tails os to put your xpub. You will pass the psbts with qr codes or burned cds. not usbs.

If it is not reliable then it has not been used and has been around for more than 10 years. Every product in the release period will have bugs at times, but that doesn't mean it can't be fixed in the future. The question is, why do so many people use it with no problem, but you have issues with it? Its the fault of your wallet or yours?

I agree with others, something that has been hacked before would never give me trust ever again, it would not be possible at all for me to trust it and use it. Just remember the fact that there were tens of millions of dollars that went away from peoples wallets because of this, and there is no reason we should trust them again.

This is why I believe that we should be focusing a lot more towards finding something that has never been hacked or never had any bugs etc etc before, which would make it a safe thing or at least we know that it has been safe up to that point, and yeah it could still get hacked in the future but why risk it with something that has already done that before?

A thief who knows what he is looking for is highly unlikely to just start manually opening random directories in your OS's file explorer to hunt for a wallet. Rather they will just perform an automated search for wallet files, or the Electrum software, or strings which appear in Electrum wallets files, or so on, which will find your wallets almost immediately.

Hiding files like this is false sense of security - security through obscurity, which is a bad idea. A much better idea is to add a strong password to all your wallet files which will encrypt them and keep them safe from attackers. If you want to hide the fact you even have Electrum installed altogether, then either use whole disk encryption or run Electrum directly from a removable USB drive or on a live OS.

Is there a way that the thief would able to access that electrum wallet in case he had stolen your CPU and trying out to access it? We do know that it does have some password
unless if you do put it up obviously on whats your password then all of those coins in that wallet would be swept.Its still hard to bruteforce it out if you dont have that
electrum wallet password which its been mainly asked on the time that you would be accessing the program or wallet.So its still impossible
in this case.

I've been using Electrum for many years, and I give you some advices to make your computer more secure.

1/ Don't install an Electrum icon, nor a shortcut with another icon on your desktop. The software should be hidden.

2/ Create your own directory to install the software, and give it an innocent name, not Electrum, nor anything related to crypto.

It's not much, but if someone steals my computer (that happened to me a while ago), the thief will need time to find anything related to crypto on it.

The tips you shared may be of some use and that is how person should use his device. But we are all different, and this allows some Electrum users to make mistakes that end up self harm and them financially. I've also been using electrum since I got to know bitcoin, I'm grateful it's still safe but really I don't store anything on my PC or smartphone that I use everyday.

Having special device or hardware wallet is more secure, but of course it comes at some cost. For security reasons, the costs may be worth it with the reduced level of risk. But it's all about how a user realizes and how they get used to minimizing risks.

To minimize the chances of your funds being hacked when using an Electrum wallet, there are several steps you should take:

Use a strong and unique password for your wallet.

Enable two-factor authentication (2FA) for added security.

Keep your computer and software updated to ensure that you have the latest security patches and fixes.

Do not share your seed phrase or private keys with anyone.

Do not use public Wi-Fi or untrusted networks to access your wallet.

Use a hardware wallet to store your private keys offline and away from potential attackers.

Use a cold storage option to store a large amount of cryptocurrency.

Be cautious of phishing scams and do not click on links from unknown sources.

Regularly backup your wallet and keep the backup in a secure and accessible place.

Be aware of the latest security threats and be vigilant when using your wallet online.

Dilemma when saving Bitcoin fund in cold wallet have chance with firmware and something bad happen in our computer, but what did you say is true when holding Bitcoin in exchange is like in the bank and need pray every time for the exchange owner not run away our Bitcoin fund.

Use third party like Bank or exchange we don't have private key for controlling our Bitcoin fund, some thing bad will happen however trusted with exchange used for holding Bitcoin, enough with FTX collapse and  many exchange before become valid proof about can't fully trusted with exchange market as place for saving or holding cryptocurrency assets, if ability like cash money and save it under pillow I will save my Bitcoin or altcoin assets the same like cash money  .

Ive been using Electrum for 4-5 years as far as i remember and i didnt make myself being hacked.

1. Install AV
2. Make your windows updated
3. Dont click up on pop up updates (have issues before)
4. Dont download randomly on your PC
5. Put up password that you are the only ones who do have access on your own pc
6. Dont save up PK's on notepads or other text file

Its impossible that there would really be some internal exploit on Electrum itself because it  would really be a big main issue
if its proven.

Well, it might be because most people are not from first world countries ... where the currency is say 20 times stronger than what it is in 3rd world countries. You might think $100 is nothing .... but that is a months salary for many people that are working in 3rd world countries.

Also, not everyone are 100% computer literate..... they might struggle with things like firmware upgrades for these wallets. (Believe me.. I am 200% computer literate and the Ledger Nano firmware upgrade was a pain in the ass) 

electrum wallet is the industry standard for software wallets. If it wasn't reliable, it wouldn't have been there for almost 9 years.

Of course, an exchange is like a bank, its not your money anymore. Pray they don't run with it...

Plenty more reasons you can add to that list, looking at all the reasons that other exchanges have collapsed over the last few months. They can be insolvent because they were gambling your money away or handing out incredibly risky under- or non-collateralized loans. Another exchange or bank which they use can shut down, be insolvent, deny them service, etc., and they can end up insolvent because of that. Your government could stop them operating in your jurisdiction, freezing your account and meaning you can no longer access your coins. You can end up a piece of malware on your device which steals your account details or session and empties your accounts. The list is endless.

This is the bare minimum for good 2FA. Having your 2FA authentication using the same device which you use to log in to the account in the first place means compromise of that one device will compromise both of your factors.

Electrum is a good Bitcoin wallet and I've seen many people say well of it, yet nothing is to be trusted 100%, but if the fault is not from the wallet itself, then you should absorb any blame as your fault if your coin is stolen.

Carelessness in most cases is the reason why money is stone, we should never trust anyone and even our gadget if we want to safeguard anything that is related to the internet.

All the possible security features must be activated on the wallet for proper security with a potent password combination of upper and lower case letters, numbers and others. And nothing must be stored on the computer, phone, and other gadgets. If possible on the 2FA, the gadget that would receive the combination must be offline or has nothing in common with the gadget from which you operate the wallet.

This is extremely wrong that people start to think that they can't keep the money safe in personalized wallets, so they started to make up mind that binance is safe.

Binance is not safe because of two reasons;

1) They can anytime scam or deny your withdrawals and you cannot do nothing
2) They can be hacked and again you will not get back your funds.

But people think that binance is safer as there is password and 2fa and all these securities while personalized wallets have only private keys and nothing else. I would call it lack of knowledge on the part of users and we need to educate people that decentralized wallets are safer than centralized wallets and exchanges,

Binance have suffered multiple hacks in the past. They were hacked in 2019 for $40 million worth of bitcoin. They were hacked in 2022 for $570 million worth of various altcoins and tokens. They were hacked in 2019 for the KYC data of thousands of users. Binance is not safe.

"Almost always", which means that some users just lose everything and there is nothing they can do about it.

Keeping your coins on any centralized exchange means they are not yours and you could lose them all at any time. It doesn't matter if the exchange in question is Binance. It is not safe.

I cannot say that you are absolutely right about storing your coins on centralized exchanges like Binance. In my opinion, everything has its pros and cons, nothing is 100% perfect. So far, Binance is safe and there have not been any cases of asset hacks like the case of julerz12 has encountered but I've also seen a few cases where users were unexpectedly locked out of their accounts by Binance. Binance still handles those cases and users almost always get their accounts back, but it took us a long time. If we store it on a non-custodial wallet, we have full control of the assets but face the risks that julerz12 has taken. Risks are everywhere.

Play stupid games, win stupid prizes.

It is trivial to set up most hardware wallets to work via Electrum's GUI, so the only additional hurdle for you to access your coins is plugging in your hardware wallet and entering its PIN/passcode/etc. This is such a trivial step for the extra security that a hardware wallet brings you, that it really is just plain stupid to own a hardware wallet but not use it, especially when talking about other people's money.

Exactly this. The only "flaw" in Electrum was it allowed servers to display arbitrary text to clients which connected to them. It was entirely the fault of the users who followed random links shown to them, downloaded malicious software, did not verify it like they should have, and then installed and used it, all without ever performing basic common sense checks. Electrum was no more at fault here than a web browser would be if you used that web browser to visit a phishing site.

It wasn't hacked, someone made a fake page and people were foolish to download the trojan from there... And there was also an incident of server spamming links, you could perfectly ignore. "Click here to download the new version", classical bait...

When I discovered that Electrum had been hacked a few years ago, I began using the Ledger hardware wallet. Even use Electrum to make multiple transactions by connecting ledger, which was not possible with Ledger live. Also I did not update the software on my Electrum. I went to the website and reinstalled from there. To avoid losses, it is preferable to use a hardware wallet. Hackers are very smart nowadays, and we must be as well.

Don't use Windows is a good first step. I wish they dropped the windows binary, but it can only make things worse (unofficial compiles).

People love blaming wallets when its their OS that got a trojan or whatever that passes screenshots and keypresses to others. Linux is not perfect, but its a solid step in the right direction. You could use OpenBSD if you are more paranoid or some enhanced security Linux distro; perhaps using TOR, etc. Besides money should not be handled in the same machine you are playing games or watching random web pages...

There is also the problem of: what if this has been staged? It was mentioned in the linked thread. If that amount is a lot in the Philippines, i cannot tell you what you can do in my country. A "famous" Mexican youtuber bought a house near the beach with that exact amount for his local girlfriend... State caused hyperinflation does weird things to the economy. I even know some people who emigrated to the Philippines from here at the other side of the world and found a much better life simply because the economy is less strangled (as much as a Filipino may find this distressing).

Anyway if you are handling the money of others, you have no excuses. NO WINDOWS and a lot of security measures. Sure, add a hardware wallet if you feel like it. The reason these wallets are hot is because they are like wages that are paid in a fixed frequency like every week or so. Handling the money of others is a big responsibility, you are like a little bank for others and you can be targeted for that.

Once again people want to FUD Electrum, its like when they FUD Bitcoin because FTX failed, when one thing has nothing to do with the other.

Hot wallets are vulnerable but more vulnerable is the OS you are running them on, and the network this is connected to, etc, etc.

It's really a big deal when something like this happens, and it's always an individual issue so we do not know if there is a general problem and what not. I have to say Binance is more secure than most of these, and people do not see it. I understand the logic behind it, you just do not trust someone else holding your money, I get it.

But, how many people lost their money on Binance, and how many did it when it was on their wallet? There are a lot more people who fail to do proper security on electrum and get "hacked" whereas Binance will keep your money safe, and with 2fa it is near impossible to get hacked as well which shows how great it is.

Yes, dear Julerz12 recent incident with the Yomix funds in the Electrum wallet made me think again that Hot wallets are more vulnerable than i was assumed. But im not sure about his case because the evidence shows the mistakes on the Julerz side, not on the electrum wallet issues. Still, I use to endorse that hot wallets are not at all good for holding especially for long-run holdings.

He has installed an anti virus on his computer but it doesn't work well to prevent viruses, maybe some variant of virus attack is not detected on anti virus and works behind the scenes to catch wallet access, but switching to linux operating system is better to avoid various virus attacks, hopefully no one has the same case and we have to protect the security of the wallet at all times.

I agree with your opinion and your way of using PC. But actually nothing is really safe even though you have taken the security steps properly and correctly. I've also used electrum for a while and I don't think it's too risky to use as storage either, but the risks are there although we're pretty sure it's safe.

In the case raised by the OP, it appears that the user has made mistake he may not have been aware of including installing the wallet on PC already infected with malware. It was his fault, but someone would still accuse him of stealing funds instead of simply believing his wallet was hacked. Electrum is fine, and in most cases it is user error.

I went through the thread, and it seems to me that it's unclear whether the manager got hacked (although I tend to believe people), and how exactly that happened (I suppose o_e_l_e_o is right about malware).
In another situation, it could be someone who has access to the person's laptop simply accessing it and taking the money, or hypothetically some sort of virus. Given that Electrum doesn't require you to type in the passphrase each time and, if you didn't set up a password, doesn't even require one to open the wallet (or a password could be weak/ a phone could be nearby if it's a 2FA).
So yes, there are always risks if something isn't done right, but it's not a weakness of Electrum itself.

I don't think he installed a rogue app, maybe his computer is infected with a virus because he doesn't use any anti-virus software. While it may not be able to completely prevent all viruses, it will work for some. I have seen that he has switched to Linux, which should be better for him; in the end, this is the user's fault, not the wallet's.

All the cases that happened to Electrum were due to user error from inaccuracy or carelessness in the management of seed phrases, if someone blames the wallet application then all the current user funds have been in trouble because hackers will target theft from the highest fund wallet, so the latest case that happened to julerz will be be a valuable experience for all of us to increase the security factor and update any information from the official web.

On the other hand, I always download the latest version of Electrum to use and so far I haven't had any problems with either the old or new versions of Electrum. I have also read about his unfortunate incident, what the real cause is only he knows best, but I dare say it was his fault and not Electrum's. Electrum is arguably the most popular hot wallet in use to date, just because of a few cases of attacks we assume it's the wallet's fault. That is not correct, all attacks are largely due to user behavior.

I also read the incident that happened to @Julerz, if you look at it there was also negligence and Julerz was very complacent with the cold wallet, but I'm not saying that the cold wallet is dangerous. Because I have been using Electrum for 4 years and so far so good I have not experienced anything bad with it. Even though I haven't updated my electrum as he did, the hacker didn't get into it like what happened to him.

Because I have a backup of my seed phrase and private key in one of my USBs, and no one else knows right now what I have saved which are important pass keys, private keys, and so on.

Security is the first priority when you are going to invest in bitcoin. This is about your money, so just buy a ledger, spend money on it and in the end it will be much cheaper than if you lost everything that you store on your PC.

I understand that it is much easier to install electrum, it does not require any additional costs and at first it seems to be quite a reliable way. Electrum can also be used sometimes it's really convenient, but in that case it's worth keeping only a small amount, maybe only a few hundred dollars, so in case of theft it will not have a big impact on you.

They don't know such wallet exist or might not now where to buy them. Also these people are newbies when it comes to protecting their crypto assets from hackers. Most of them are like that and they are also not aware of this community where they can learn all they need to prevent themselves from getting hacked.

because in my opinion, people make shit. Most of these are fucking made up. Don't take too serious into it. Just like the 200BTC luke thing.

There's no security flaws on Electrum wallet, because if there's a security flaws many users will lost their funds and don't forget Electrum is open source, so anyone with high technical knowledge and experienced will report to Electrum's github.

If there's someone access his PC, it mean there's no hack because he just take over the PC and move all of the money without Julerz12 knowing. Hack is where someone use a malicious code or file without touching directly the user's PC.

@Julerz12,  Hacking of this manager's Electrum wallet is really surprising because the hacker hacked the escrow dollars of two of his signature campaigns.  On the other hand, the security system of Electrum wallet has been questioned.
We know the @Julerz12 manager very well, it's not like an honest manager like him can't handle the lure of just $5000.  I think maybe someone hacked his PC in his absence or hacked his PC line server and then took access to his PC.
For example a few days ago a bitcoin developer hacked 200 BTC with access to offline wallet of @lukedashjr.  This happened very miraculously as many might be wondering how a hardware/offline wallet is hacked.  Actually the incident happened differently, the hacker first hacked his home PC server line and later took access to his hardware wallet from the PC line.  Then a Bitcoin developer 200 BTC thus coincidentally falls into the hands of hackers.  In this case the security system of hardware wallet can never be responsible.

Do/Don't do This

1.Check your home server line security system thoroughly.
2. You should never download a software wallet from a phishing website.
3.You should not save your wallet's Backup key, Password, Seedphase etc. here and there.  Write down a security detail in a notebook or diary and keep it in a secret place.
4.If you are not at home i.e. not near your PC/mobile, close it and lock it in a secret place.  It is also possible that someone steals your device password and gains access to your wallet in your absence.
5. Don't leave your webcam on while the PC is online.
6. You should not connect wallet to any unknown website especially during airdrops / Bounty.  This will make your wallet more likely to get hacked.

There is nothing wrong with the Electrum wallet, it is safe and it varies how you will use it.
The vulnerabilities of using a software wallet are always there, and carelessness could be one reason that you perhaps get hacked, Electrum for a hot wallet could be fine but if you want more security level go for a Hardware wallet, after using it connecting to the device leaves nothing traces. This is a common problem for us upon keeping our coin, we want more convenience to use than the security level of our wallet.

---

A big amount should be on a hardware wallet, even malware hacks cannot be penetrated.
Lastly, always download it from the official website of Electrum and verify.

Yea of course it will vary from person to person, but most people definitely have access to hardware wallets — they just don't want to put in the effort because software wallets are simply better UX.

As for people in countries with crypto banned, yea it's going to be tough.

I've been running Electrum for many years. I don't always keep it updated because I find downloading and checking each update pretty troublesome, but in a way I'm a living proof that it's not the lack of updates that puts your coins at risk. If you have an older version that works for you and that was proven to have no bugs, there's no need to keep downloading new files and updating the wallet. The important part is what you use your computer for. I don't use it at all. I mean I have it on from time to time but I don't install anything and don't use it to check my email or anything.

Think of the Internet like a dirty bathroom. Don't touch anything suspicious looking and wash your hands every time

I'm sure the loss happened because OP stole the money or had malware on his computer, not because Electrum is compromised.

Agreed, and this is not that difficult, it is not that rare to have an old laptop which you can use as your cold storage and install Linux there which is much safer than Windows, now if someone wants to use Windows because they really like it, they need a piece of software that only runs there or for other reasons, they can use it if they want, but you must never put any kind of sensitive data there as the risk of losing that information is too high.

I believe one of the major flaw on the system of the person that was hacked while using the electrum 4.3.2 is lack of a good antivirus software.  All he has is the window defender which the person found out that it does not do anything.  With good anti-virus at least some known malware and viruses can be detected and deleted or quarantined before it infect our pc system.


Not only after installing but make sure that our system is free from any infection of malware or trojan before installing electrum wallet.  Always verify the application by checking the app signature.

Some people live in repressive environments where a hardware wallet cannot be brought or even smuggled in without seizure. Not on a country level, but at a community level. So software-based airgapped wallets like Sparrow wallet server provide necessary stealth for them.

I don't understand why either lmao, I mean of course there's the convenience of easy transfer and access of funds when you keep your assets on a hot wallet but that is almost always a death wish especially with how sophisticated these hackers become. There could be the notion of "fear of misplacing" these cold wallets but unless you carry your wallet with you everyday of your life instead of keeping it in a safety deposit box or a vault, you wouldn't have this problem. Also the age-old reason, "I keep forgetting". I've been an offender of this a couple times in my life. I always say I would buy a cold wallet whenever but I keep forgetting it lmao.

One thing I always recommend.  Separate your activities in multiple computers.  Have a computer dedicated for Cryptocurrency and a separate computer for the rest.  This way, you avoid theft of your Coins if you have the awfully bad habit of randomly clicking and installing stuff on your main computer.

Think of it like your Fiat wallet and your Savings account or your safe if you have one.  You separate the valuable from the less valuable because the latter is more prone to theft.  Unless you are an expert in digital security and storage, do not pretend you know best.  Even as an expert, it would be great if you still understand and be conscious of risk.

-
Regards,
PrivacyG

I provided a link up there: https://electrum.readthedocs.io/en/latest/coldstorage.html

But setup the cold storage on a device with newly reinstalled OS.

Like Trezor, it comes with tamper seal. I have not gotten one yet, if I want to buy, I will do more research about it. But I hope people that have bought it here can give more ways to know original Trezor and other hardware wallet. But buying from the right place is very important.

How about a paper wallet setup on wallet like Electrum? It may be hard for some people too. But people should care for their money, if they can not buy a hardware wallet, cold storage is still the safest way. A process used for making wallet on airgapped device can easily be used to setup HD paper wallet which is simpler if compared with single key paper wallet. I for example, I try all possible means to learn how to protect my coins which is the reason I knew how to. But you are right.

Sure a paper wallet or an airgapped device can work just as better. But the question is — what percentage of the masses are capable of using such a setup? Definitely a very small minority for sure.

If possible can you share with me any article or video which can explain in detail on how to set up Electrum as cold storage?

Also, i know that I should reset the hardware wallet after purchase but i will appreciate if I know how to identify that the hardware of the wallet is altered. This way I can buy a hardware wallet Ledger from a local reseller and check for myself if its hardware is original.

The problem is not in Electrum or any other respectable wallet, but in the way someone uses it. Having such a hot wallet on a computer that is used to download torrents, pirated software and visit pornographic websites is a perfect recipe for some kind of disaster to happen. Regardless of one's financial situation, one must find a way to protect oneself as much as possible from all online threats, even if it means that one has to give up some of the habits one had until then.

A good AV is not something that guarantees 100% security, but it is one of the important things if you use Windows OS, because it will prevent most viruses and malware from infecting your computer, thus protecting your crypto wallet.

Just bitcoin, for holding? A paper wallet is enough for that if it can be setup properly. Electrum on an airgapped device can be used for that as well. There is nothing safe like cold storage. Although, a hardware wallet can be used as cold storage too.

If the hack is true, what if it is a friend (and most likely someone close to him) that compromised his wallet and stole the coins? What if it is the seed phrase was seen and compromised by someone close to him like a friend?

Hardware wallet can help, but there are some other things to be known for coins not to be stolen on hardware wallet, and even cold storage, like clipboard malware.

If you can get official reseller, it is a very good option to buy hardware wallet, but the safest are still cold storage and you can use Electrum for that as well if you can setup the cold storage properly. Also you should know how to know the original hardware wallet  if you can get on from official reseller, but try and know how the original hardware looks like before buying and make sure it has the qualities after buying it and buy from the official resellers if possible.

Not that people do not want to buy Ledger or Trezor hardware wallet, but sometimes they are not allowed to buy it 
You may be living in a developed country but i am living in a country who are in an economic crisis. We do not have enough dollar reserves with our government and if i order this hardware wallet from the official site, i may never receive it as it will be held at customs.
Also, I would not take the risk to buy from local sellers, as we know that 3rd party sellers can manipulate the software and even the hardware of these wallets.


So people like me are left with the only option to use Electrum wallet (the best hot wallet so far known to me) and when we hear experienced people's wallets like julerz12 can be hacked, then what will become of ours wallet and bitcoin 

Yeah, they find it hassle to purchase a hardware wallet because they think that it's not worth it and the price is too much. It's the easiest and yet one of the strongest way to protect your assets.

At the same time, being aware of the typical ways of keeping your wallet still has to be monitored on how you browse with the use of your computer.

If someone can't purchase a hardware wallet but has got some spare device or laptop or desktop, use that as your personal wallet for which you'll not do anything about it except using it as a wallet and at most time, it's disconnected to the web.

As I explained above, his computer had malware. There was no vulnerability with Electrum - he simply used it in an insecure way.

Hardware wallets are much safer, yes, but they are not invulnerable to hacks, malware, vulnerabilities, etc. Complacency and thinking that your wallets are impossible to hack is often the first step in losing your coins.

So what mistake did make julerz12 with Electrum wallet? Was the vulnerability with Electrum or with their OS/PC?

Probably the easiest solution to reduce the risks of Electrum wallet hacking is to buy a hardware wallet. In this case, online theft is simply impossible due to the need to physically confirm any transaction.

It's the classic "I haven't been hacked yet so I won't get hacked" or "my computer is secure I won't get hacked". People being complacent because of easy-recovery on web platforms has been a very dangerous precedent.

This is very simple:
* if you have the skills and willingness to correctly set up and use a cold storage, start with that and use your live Electrum watch only, built only from the cold one's master public key.
* if you don't have those skills or just want more convenience, acquire a hardware wallet.

In both cases the backup seed doesn't have to touch any online device (and need to be backed up in multiple places).
I also recommend restoring at least once the cold storage or hardware wallet from the seed you're backing up, to make sure you indeed work with the wallet you think you're working with.
(Before using any electrum you should verify its signature, you know that, right?)

If you also really care about your privacy and you have the skills and hardware for that, you can consider setting up for yourself a bitcoin node, an electrum server and maybe a block explorer too.

That hack had nothing to do with Electrum and everything to do with the fact the user in question was using a hot wallet on a machine which had malware on it. No wallet software can protect against that.

There is nothing else he could have done in regards to installing Electrum itself. The steps he should have taken include not using a terrible OS like Windows and ending up with a device full of malware, not installing spyware software such as Google Chrome, and not using a hot wallet in the first place. If you install any hot wallet on an insecure machine, then your funds are at risk.

You can use Electrum safely by setting it up as a cold wallet or as a multi-sig wallet, or you can use a hardware wallet instead. But if you are going to use it as a hot wallet, then it can only ever be as secure as the device it is installed on, which in this case was not secure at all.

Even more ridiculous in this case since the user owns a Ledger device, but just didn't use it.

2FA for Electrum wallet is from Trustedcoin, a third party server.

Their server can be compromised but if you own two keys, you can sign your transactions. I don't want to use 2FA from Trustedcoin.

I will use a multisig wallet 2/3 cosigners on my different devices. One key for laptop, one key for desktop and one key I only create it and backup offline. I don't store that third key on any of my device and only import it if I need to use when one of two other keys can not be used.

I don't got why like a huge majority of bitcoin/crypto holders wouldn't just buy a Ledger/Trezor. If they just use a reputable hardware wallet and just keep the backup offline, that's pretty secure enough for long-term holding. But nooo, most people wouldn't want to pay a measly <$100 for security.

First of all, do not trust anyone. Because you have the wallet on your computer, do not let anyone have access to it. I mean do not let anyone have access to your computer.

You can setup a 2FA wallet and have the 2FA app on another device. But you may not like it because of addictional fee and because you do not have the thrid private key.

You can prefer to go for cold storage wallet, https://electrum.readthedocs.io/en/latest/coldstorage.html

You can even get a hardware wallet like Trezor and use it with Electrum wallet.

You may even prefer to setup a multisig wallet, but which will require more than one device.

Use a strong password.

Backup your seed phrase in a safe location. For better security, you can use passphrase along with it, but backup the passphrase in a different location. If you lose your passphrase or seed phrase, you will lose your coins.

You can enjoy reading these: Good topics on security and privacy

If you read this post, I've been hacked (Electrum 4.3.2), you will find that person lost his funds because he did not protect his wallet properly.

I would like people to tell and discuss that after installing Electrum wallet on the computer, what additional steps they should take so that there are minimal chances of their funds being hacked by the intruders and hackers.