Topic: Is Electrum a safe wallet to keep bitcoins? (Read 54637 times)

options:
- spend some money and buy a hardware wallet and store your funds there
- learn more about cold storage and choose one of the options that suits your need.

• if you want it to be your long term storage then use paper wallet. use something like bitaddress, make a copy and run it offline on a clean computer and generate a key pair and print it on a paper, etch on a metal,...
  
• if you want a more dynamic wallet where you can still spend then use the Linux on a USB with Electrum on it. make sure you disable its network, encrypt the home folder (you need to install on USB not run live), disable guest login, encrypt Electrum wallet file, and make backups on paper from your seed and passwords.
• you can also always run a live linux from a DVD, generate a new wallet, write down the seed and turn it off. each time you want to use your wallet you will have to recover your wallet from seed, spend and turn off! it is not as safe but it is one way to do it.

It will be more safer if you do make use of electrum instead of exchange wallet and blockchain.info itself yet we have all known 3rd party wallets wont really give you the access into your wallet address and once those services shut down then your coins will be gone forever and theres no chance for recovery.

Regarding to your question, before making any transactions or transfers just make sure you do have a clean PC which arent prone to malware or any keyloggers. If you do make use electrum you can create and be sure to back it up the privatekeys and make your wallet encrypted anytime.

It is possible, of course. It would be even better if you decided to use a separate laptop without Internet connection on which you could store your encrypted private keys and sign transactions. If you are not going to send your bitcoins often then you will be fine with simply generating your wallet with live CD operating system, encrypting it (doing it either in Electrum or using a third party app such as VeraCrypt) and store on multiple devices in case one fails.

I want to invest some more to Bitcoin for longer term. Till now I always used exchanges and blockchain.info to store small amounts. I am worried about running Electrum or any cold storage key generators, because of chance my Windows PC is infected. What are my options? I am thinking if it would be possible to run some Linux distribution with GUI from USB stick, install Electrum wallet on this OS to generate keys and seed words and backing everything up until needed.

Not good enough.

Passwords can easily be cracked and brute-forced. Also key-logger is an issue.

You need to COLD STORAGE your bitcoin if you want to be really safe.

One thing you might consider is loading the Electrum, saving the password and seed words, doing the work you need to do, including making records of your work, and then deleting the program and data from your computer completely.

The goal here is years later to be able to restore the program. By design with Electrum this should be possible using the password, seed words, notes as to the operating system and computer used, version of Electrum used, etc.

If you are uncertain about this, test it with a wallet with a nominal amount of funds.

Note that if you go this route don't enable 2FA. The chance you'll have the 2FA device such as your current phone five or ten years later is near zero.

I have been using Electrum for some time, since it is much more convenient compared to bitcoin core wallet.
As you said, I set a very strong password. It should be secure enough as long as nobody get my password.

Did you check the hashes when you downloaded electrum to verify that it was authentic?

There are people (maybe researchers, not sure about businesses) who specialize in tracking bitcoin, you could look into contacting one of them. I imagine you could set up an alert on the bitcoin address it was sent to. When it gets sent to another address, and so on, perhaps it could eventually be tracked to an exchange.

If you were offline, how did it get sent? The security vulnerability was apparently related to javascript in a website, were you online when it happened?

If you had a password set then there is no way you were vulnerable to the json rpc exploit.

Totally feel the Electrum is the safest wallet and that any cases of accounts being compromised is indeed the users' fault... Never had any issues with Electrum or other wallets as a matter of fact.

I can say for sure that EVERY SINGLE case I ever read about how "Electrum stole me" or "Electrum is unsafe" turned out to be the user's fault. EVERY SINGLE ONE OF THEM. I (plus a HUGE part of the community) am using Electrum for over 2 years and I trust them. Even after this security issue, I have never seen a single case where someone lost their funds due to this exploit. So, IMHO that was (probably) your fault.

1. Norton AV can't find every viruses. And if you had a malware, a big password doesn't mean anything.
2. Are you sure that you downloaded the wallet from Electrum.org? I can remember at least 2 cases where the user claimed that he did while he actually downloaded a fake software from electrumwallet.com or something similar.

I don't think so.

That's very unlikely.

Probably just a waste of time.

---

Btw, why aren't you storing over $110k in BTC in a hardware wallet?

I opened my Electrum wallet today, January 18, 2007 and found out that on January 2, 2018 all my bitcoins (7.88014412 btc worth $110,682.86 USD) were sent to the following bitcoin address:1BhbPsVryBx9vBwLgaFRg2jY4Y1dh9i5vf

Electrum is claiming to have been hacked and my coins were stored in Electrum and there was no way anyone could access my computer as it stayed offline and powered down until I needed to access my bitcoins.

Electrum Wallets Were Vulnerable and Nothing Was Done For Two Years. My Bitcoins were either stolen from my Electrum Wallet or Electrum just made Billions by claiming they were hacked. STAY AWAY FROM ELECTRUM!!!

Apparently, Electrum knew about the vulnerability in their software for over two years. They are only claiming they knew about the security issue as of November 24, 2017 and did nothing about it until January 7, 2018 which just happens to be 5 days after my coins were stolen.

Electrum never warned wallet owners of the severity of the security vulnerability and after learning about the problem, they were negligent by not releasing a patch, immediately, to fix the problem. If nothing else, they should have at least informed wallet owners to move their coins out until the problem was fixed.

Read more about Electrum's carelessness about security within their software here: https://motherboard.vice.com/en_us/article/ev55na/electrum-bitcoin-wallets-were-vulnerable-to-hackers-for-two-years-json-rpc

I did not have 2FA enabled but I did have a very long password that had to be entered before funds could be transferred. I also have Norton AV installed and no viruses have been found.

Is there any way you can help me get my money back? or anyone you can recommend that can help me track down the owner of this wallet where my funds were sent to, or recommend someone who knows how I can file a lawsuit against Electrum?

http://bitcoinwhoswho.com/address/1BhbPsVryBx9vBwLgaFRg2jY4Y1dh9i5vf
https://blockchain.info/address/1BhbPsVryBx9vBwLgaFRg2jY4Y1dh9i5vf

There's an upsate regarding Electrum upgrade and I hope they will manage it properly because millions of users won't trust them again. And part of bitcoiners I want to save my bitcoin in electrum wallet.

"News: ♦ Critical vulnerablity in Electrum; SHUT DOWN ELECTRUM IMMEDIATELY and upgrade. Other clients are fine"

https://bitcointalksearch.org/topic/critical-electrum-vulnerability-2702103

I think he was specifically referring to the user who said that backing up addresses/private keys was a good idea. The issue being that you could get into the situation where you are missing certain addresses/private keys...

Having the seed means you will be covered no matter what. Of course, having BOTH the seed and addresses/private keys is probably "safer"... but really unnecessary. In summary, in my opinion:

Addresses/private keys only = Potentially dangerous
Seed only = Perfectly Adequate
Seed+Addr/Priv keys = Overkill

Since the wallet.dat file includes the seed, how is it that some transactions could be on addresses not backed up? Eg, one can load the already encrypted wallet file, enter the password, and then can view the seed. Which is what is necessary to generate all the additional addresses. Therefore it is only a temporary problem?

Based on the information you have provided... yes, it would appear you have a Non SegWit standard Electrum wallet.

Thanks for your explanation and advice.
All my addresses in Electrum start with a "1", and there is a [standard] at the end of the title.
So it must be a  "legacy" (aka. NON SegWit) standard wallet. right?

The golden rule has always been... You need to have access to the private keys to ensure access to fork coins...

Electrum gives you access to private keys... So the short answer is "yes, with a couple of conditions".

Those conditions would be that Electrum MultiSig and/or 2FA wallets have historically been problematic when it comes to accessing fork coins.

SegWit wallets are likely to be just as problematic.

My advice, if you're planning on holding coins in Electrum for the purposes of getting access to fork coins is to use a "legacy" (aka. NON SegWit) standard wallet (Generated addresses should start with a "1") to reduce the chances of issues when claiming.

If I store bitcoin in electrum wallet, can I claim future bitcoin forks?
I heard there will be some fork happening in Decemeber.