Topic: Electrum 3.3.4 (Read 207 times)

There are quite a few tutorials available.
You'd just need to follow them. It literally just takes 5 minutes. The step consists of
1) installing a software to check the digital signature (windows / mac)
2) downloading electrum and the signature file
3) checking/verifying the signature




As pooya87 mentioned, this is not related to electrum only. Or to bitcoin wallets only.
This applies to any software you download.

that is not an Electrum specific thing, anything that you download without verifying puts you in the risk of having downloaded a fake or malicious software and when something security sensitive such a bitcoin wallet is involved the chance is even higher.
keep in mind that being secure is not easy, of course at first it will look confusing and hard. you have to do it nonetheless and after a couple of times it becomes easy.

Okay that is what i recalled a while back, that it hasn't happened yet.


I would definitely want to check and verify, but the last few times when i did the download of the new electrum, when i looked at the digital signature... i remember being confused at how to verify it as it looked confusing.  Thats what i remembered.  Well yea... i can imagine first time i download something without verifying and then hack... that is why i didnt even want to touch electrum anymore.

Like I said, as far as I know, this has never happened... YET.


No. It is not OK... EVER. What if the one time you download and use it without verifying, is 5 minutes after the server got hacked for the first time?

"Don't Trust, VERIFY"

Hey hcp, yes i know what you mean.  But the last few times i downloaded the updated electrum, i never checked the digital verification signature because I didn't know how.  I saw the instructions last time and it confused me... so i just made sure i downloaded from the site and its fine.


Has there ever been a case when someone downloaded from the official electrum site and downloaded malware because of a hacker hacking the server ever though?  Because if it still hasn't happened even once... then it should be fine even not checking the signature right?

That error message is because the wallet file version has been updated to a newer version. Newer versions of Electrum can make subtle changes to the format of the wallet file that cause problems with older versions of Electrum, so to prevent this, a version number is stored within the wallet file itself. If the version number of the wallet file is greater than what the version of Electrum is expecting, it will generate that error.

Specifically, it is the "seed_version" value stored in the wallet file:





If that had happened, it would be all over this forum.

And that is why verifying the file is the best solution... it doesn't matter where you download the file from, if the digital signature checks out, the file is "OK"... and if hackers somehow did hack the server and put a malicious version on the official site, the digital signature verification would fail and everyone would know it was bad.

---

TLDR; If you don't want to use Electrum, uninstall it... if you do want to use Electrum, update it to the latest version (AFTER verifying the downlaoded installer)... verification is not difficult and does not take long.

According to Electrum 3.3.3 and low versions still infected with phishing but 3.3.4, I think it still fine but I tried to use the 3.3.4 today but it shows me an error like "Cannot load wallet this version of Electrum is too old". That's why I decided to download the latest version directly from https://download.electrum.org/

If you want to verify the Electrum 3.3.4 that you currently using and to check if it's not a fake a one you should verify the signature of that file.
If you confuse on some guides from this forum much better watch this video https://www.youtube.com/watch?v=lCG3c8a7HZI

Okay so the version i have is the oldest version I could have where I don't get any of those malicious updates right?  I remember over a year ago someone said make sure you update to 3.3.4 and you won't get any of those messages.  So that is still the case as of today?


You ask why not remove the installed version and download the latest version?  Well... because i really don't want to use electrum or even turn it on anymore because of fear in case a message suddenly pops up.  Years ago when they started having those malicious updates, I didn't check my electrum wallet for a long time because i was concerned if i open it and i get a message, somehow something goes wrong.  And i haven't kept any btc in electrum in over a year already... i don't plan to send any btc to it unless its a small amount. 



So thats why i dont want to download the latest version.  Also any electrum i ever downloaded... i made sure i downloaded straight from the exactly electrum site.  But my issue was i never verified the signature ever... because I didn't know how to do it.  I saw the instructions and it was just confusing to me.  So everytime i downloaded an update till the last updated electrum I did, i was very nervous each time.  Like imagine yea its the real electrum update on the site... but hackers somehow got in electrum server and anyone who download or did an update on electrum around that time could download malicious electrum.  So thats why...

Electrum versions older than 3.3.4 were vulnerable to phishing attack. In versions older than 3.3.4, servers could display a message asking you to download the new update (malware).
For more details, click the link below.
when broadcasting transaction, error message from server is displayed as is

Since, the version currently installed in your system is 3.3.4, I don't think you will see such a message unless that's a fake version. (Ignore it if such a message is displayed).

By the way, why not to remove the currently installed version and download the latest version from the official website?

Hey there.  Well i never updated electrum in a while because i haven't used it in over a year... also have no btc kept there anymore.  The only reason i ask this is because im considering sending some btc from my new nano ledger s to the electrum because i restored my nano ledger s seed but not sure if its linked to my old coins in my old nano ledger s.  Can you look at my last posts in hardware thread on this?


Yes i use windows ten.  Backup of my electrum wallet?  I dont have any btc there at all and haven't for over a year and don't plan to keep any btc in it.  If you mean backup of the electrum seed... i have that as i wrote that down years ago.


But its still risky opening the electrum version i have now?  So if i do a transaction with it whether it works or not, there is still potential risk even opening the program up?  Or only if you see the update electrum message?  Again, I haven't opened electrum in a long time and don't plan to use it anymore... its just right now i was thinking about sending tiny amount of btc to it from nano ledger s because i restored my nano ledger seed but not sure if my old coins from the old nano ledger s is there.

There is no good reason to continue to use an old version of Electrum. You expose yourself to unnecessary bugs and risks.

First of all, I would make a back up of your wallets. Am I right in saying you are using Windows? If so, you will find your wallet folder at C:\Users\YourUserName\AppData\Roaming\Electrum.

Download the new version from nowhere other than this link: https://electrum.org/#download

On Windows, follow these instructions to download Gpg4win and use Kleopatra to verify the download using Thomas Voegtlin's key as below:

Install and open your wallets.

Update electrum to the most recent version now and just use that if your old electrum can't connect. I think it was said to be 3.3.5 and up that can.

If you are able to spend coins in electrum, that means the time before the last update you had those funds - you might or might not have them now..

If you're going to go and come back and you go for more than a month, could you open up a thread here and use Google to search for any new bugs that might have needed a critical update.

You can also check the changelog here: https://github.com/spesmilo/electrum/blob/master/RELEASE-NOTES

Hi.  I used electrum a while back when i first had btc.  I kept btc in electrum for a while until a few years ago, i got a nano ledger s and transferred all my btc from electrum to the nano ledger s.  Main reason was because i read about hardware wallets years ago and how its better and how electrum had all the fake wallets/updates which did not make me feel good about electrum.



Since then, I have used electrum once or twice only and it was to send/receive a small amount of btc there and then send it to my nano ledger s or a site etc.



I just logged into my electrum and I see the version i have is 3.3.4.  Again i have not downloaded updated versions because i haven't done a transaction there or kept btc there in over a year.  



What I like to know is if i want to make a few frequent transactions with electrum, such as sending btc to electrum and vice versa, is it fine to just use this version or not?  I remember last time i downloaded to this version, someone said make sure i have at least this version i have.  So i downloaded it.  Or its better to upgrade to the latest version even if I don't plan to use it?  I didn't feel like good idea because with all the fake wallets and messages out there with electrum.  I don't even like clicking the electrum icon and opening it thinking i get an update message etc.



The thing is now... I wanted to send a tiny amount of btc to my electrum account because my old nano ledger s stopped working... then i got a new nano ledger s... and then i put in the nano ledger s seed recovery and i believe my coins are restored to my new nano ledger s that i got.  But im not for sure the coins i have in ledger live is connected to my current nano ledger s.  So i was thinking about sending tiny amount of btc from my new nano ledger s  to an old electrum address to see if it works.  Then if it does, i would then send that tiny amount of btc from electrum back to my nano ledger s.  But my concern would be... if i try to send btc from electrum back to nano ledger s, is there a chance i see a message to download the newest electrum and it could be malware?  So that is why i havent used electrum in a while because concern of popup and asking about downloading an update.



But would i need to send btc from my nano ledger s to my electrum to confirm my coins are indeed in my new nano ledger s though if when i tried to send earlier, it seem to show the small amount of btc and the electrum address and ask if i like to accept/decline the transaction?  Because if i had no btc in my current nano ledger s, it wouldn't even allow me to attempt to send 0.0001 btc to an old electrum address and ask for me to accept/reject right?



This is my issue i posted on the hardware wallet forum.  Could you read the last few posts especially since I believe my coins are in my new nano ledger s?  There is no point of sending tiny amount of btc anyway to electrum to confirm i have these coins because it got to the last step of accept/reject right?  Or just send the tiny amount of btc anyway to electrum to test it out?


https://bitcointalk.org/index.php?topic=5278508.20