Topic: Does Electrum wallet has a special advantage than other wallet? (Read 241 times)

people should seriously stop referring to Electrum nodes as "servers" because even though it is a correct term to use but it is very misleading. these aren't servers like other light weight wallets might use. you don't connect to get a balance! these are actual nodes which you connect to, receive block headers, your transactions AND merkle trees to verify whether the received transaction and its confirmation status (the block number) was correct.
that means Electrum nodes can NOT lie about a transaction being confirmed. the only thing they can lie about is saying it is unconfirmed which can not cause any harm.

I think it's more privacy rather than security problem.

Thanks to SPV mechanism, all malicious server could do are refusing some service (e.g. return transaction information and broadcast signed transaction) and giving malicious message (if you use older version of Electrum).

Security-wise there is no difference between copying a private key and having the mnemonic code displayed / generated somewhere on the computer.

Theoretically that's true, because there is a lot of 'dumb malware' which doesn't even compromise the system properly, but instead just acts like a clipping board malware for example.
But if you look at the security itself, this wouldn't change much.

And electrum also allows to copy single private keys.




They aren't discouraged.
Paper wallets are secure if generated properly. Regardless of how you generate the private key (either randomly or by deriving it from a seed).




There is no sense in generating the desktop wallet offline if you are going to use it on an online computer.
This makes sense when creating a paper wallet, but has no advantage when installing / initializing a desktop wallet.




Just because it is a lightweight wallet, this does not mean that the security affected in any way.
You could theoretically receive wrong information regarding transactions. But the security of your funds is not affected.

Actually the advise is valid. One thing is the wallet internally handling it (but never exposing it) and a whole other thing is when the user handles it.  One thing that should never be done, is actually display, and much less copy and paste the private key. That is why even the seed word pnemonics are a tiny little better, especially since you only see them once at creation when the new wallet has zero funds...

If you scan, copy or print the private key directly, there are many malware that could recognize it. This is why the traditional paper wallets are so discouraged, and people are urged to use the seed words instead (which dumb malware might not distinguish from, say, what you are typing here).

Of course ideally you would not be running insecure OSes in the first place. It is my opinion that running Electrum or any other wallet on windows is very irresponsible. Windows should not be used for anything serious, not money handling, banking, passwords, bitcoin wallet, 2fa, etc. You should stick to a secure os, such as Linux or BSD for these tasks. Next step is, of course doing the whole wallet creation in a separate offline computer that is live booted for this task (and such computer doesn't even need a hard drive).

Electrum is a light wallet, indeed that model is more insecure since you are trusting a third party server, rather than the blockchain directly. BUT, you can ALSO run your own private Electrum server on your own node and tell your wallet to connect locally over your (hopefully) secure LAN... So the light client part is optional.

I find Electrum very flexible in this regard, it is better than core and many others in my opinion.

Electrum has many advantages.
For example, it's a lite-wallet that does not need to download the whole blockchain; then it's open source and you can always verify the authenticity of its signature. Then I would say other pros of Electrum are its strong and large community as well as its known and reliable developers.

If you are using a desktop wallet (which electrum is), you are automatically dealing with private keys.
Well, to be more precise.. the software you are using is dealing with private keys. And that's already enough to be at risk if your computers gets infected with malware.

Any wallet you are using (which has the ability to send BTC) has to use private keys to sign transactions.
It doesn't matter whether you are importing private keys or whether you are using a mnemonic code and let the wallet handle everything else.
As long as the information is available, there is a risk.

Electrum never going to steal your private key but don't deal with private keys.
You can expose the private key to some malicious program on your system. Create a new wallet and transfer BTC to a new address as it doesn't' cost much.

That's generally good advice, but I think it's a little too complicated for beginners since they need to use two devices and two Electrum. On the other hand, this gives far greater security, because the main wallet is never online, so it cannot be hacked. In my opinion, this is the only safe way to use the Electrum and similar wallets, because no matter what we do to protect ourselves, hackers never sleep.

---

franklin2058, I would say that a special advantage of Electrum is a fact that it is open-source, it is free to use and it is user-friendly. As others have noted, you don't have to worry about Electrum developers, they have no power to steal anything from you. You need to adopt best security practices, have a virus/malware free device and verify a file signature before installations.

the combination of the following 2 reasons means it is not possible for Electrum to have anything malicious:
1. it is open source so the code can be reviewed by anyone at any time. and using git each time there is a new commit the contents of it can easily be reviewed for future changes.

2. the builds are deterministic which means if you compile the source you will end up with the same binaries (having same hashes) so when you, as a regular user, don't compile the source and instead download the binaries you can be sure that it (the .exe for instance) is the compiled version of the same source code if someone else has checked the hashes before.

If you are so anxious, why not use the wallet in cold storage mode?
You can use a computer that is never connected to the Internet (Air Gapped) and thus will ensure that no one can know your private key.
Generating bitcoin addresses does not need the internet, you can also sign the message on a computer that is not connected to the internet and only boradcast it from any other device, thus ensuring that this private key is not known.

No, because Electrum is open source wallet & anyone can check it's fishy or not. Electrum doesn't hold your private key, your private key is encrypted. So, the team behind Electrum can't steal your private key. Follow what BitCryptex said and you will be okay.
Remember to download from official website only- electrum.org

Any software you install on your computer can steal basically anything from your computer as long as the user running it has access to that resource and it's connected to the internet.
But the official Electrum is not malicious and its source code is publicly available (so anybody can check this).

As long as you download Electrum from the official website and verify the installer, your coins will be safe. You should create a new wallet, save the seed in a safe place and send your coins there rather than use the imported wallet. It will be much easier for you to recover it in the future.

Can the people behind Electrum wallet steal my private key if I import my bitcoin through private key? Why?

Thank you very much!