ELECTRUM - UPDATE SAFELY AND AVOID PHISHING WALLETS ?
Electrum wallet is one of most favorite non-custodial bitcoin wallets. This wallet is light, high trusted, and has advanced features that some low-quality bitcoin wallets don't have.
It is natural that all wallets have to be upgraded by their developers and by users over time. Unfortunately, there is a fact
The more popular a software is, the more people have looked at it.
Today, I give you all - who have not yet known how to update your Electrum wallet safely - to know how to do it safely.
Let's get started by the first step to know when your Electrum wallet is outdated.
Help > Check for updates. (first image); then you will see this popped up windows
(second image)Now, what should you do to download newest version of Electrum?
I believe what most of you will do is clicking on the available link in popped up windows.
"You can download the new version from
https://electrum.org/#download"
Is this what you should do?
NO! You will be under risks if doing this.This is the first important step that you have to avoid.
There was attacks on Electrum wallets months ago, directly on links provide in their wallets.
Electrum vulnerability allows arbitrary messages, phishingSuch attacks might occur anytime in the future, so just be careful.
In reality, there are more other types of phishing sites, this one is an example, so you have to take care yourself by being very carefully download Electrum wallet.
make sure to verify the pgp signature of electrum before installing (installer) or running (appimage) it.
Tutorials to verify GPG signaturesGPG signatures are a proof that distributed files have been signed by the owner of the signing key. For example, if this website was compromised and the original Electrum files had been replaced, signature verification would fail, because the attacker would not be able to create valid signatures. (Note that an attacker would be able to create valid hashes, this is why we do not publish hashes of our binaries here, it does not bring any security).
In order to be able to verify GPG signatures, you need to import the public key of the signer. Electrum binaries are signed with ThomasV's public key. On Linux, you can import that key using the following command: gpg --import ThomasV.asc. Here are tutorials for Windows and MacOS. When you import a key, you should check its fingerprint using independent sources, such as here, or use the Web of Trust.
Tutorials for:
After successfully verify ThomasV's GPG signatures, you are safe to use your Electrum wallet for your bitcoin.
SUMMARY[1] Check for updates from official website (can check from wallet first, then re-check on official website)
[2] Always type site address to visit it:
electrum.org[3] Verify ThomasV's GPG signatures before installing new wallet versions
[4] Do all these three steps before doing bitcoin transactions in your newly updated wallet.
Read more, to have more fears on fake, phishing Electrum wallets, and being more careful.
[Warning]: Another Electrum Phishing site on the loose⚠⚠️⚠~Beware on active phishing Electrum websites~⚠⚠️⚠ (Collection list updated)Electrum vulnerability allows arbitrary messages, phishing