Pages:
Author

Topic: Is Electrum a safe wallet to keep bitcoins? (Read 54642 times)

legendary
Activity: 3472
Merit: 10611
April 25, 2018, 10:41:55 PM
#61
I want to invest some more to Bitcoin for longer term. Till now I always used exchanges and blockchain.info to store small amounts. I am worried about running Electrum or any cold storage key generators, because of chance my Windows PC is infected. What are my options? I am thinking if it would be possible to run some Linux distribution with GUI from USB stick, install Electrum wallet on this OS to generate keys and seed words and backing everything up until needed.

options:
- spend some money and buy a hardware wallet and store your funds there
- learn more about cold storage and choose one of the options that suits your need.
  • if you want it to be your long term storage then use paper wallet. use something like bitaddress, make a copy and run it offline on a clean computer and generate a key pair and print it on a paper, etch on a metal,...
  • if you want a more dynamic wallet where you can still spend then use the Linux on a USB with Electrum on it. make sure you disable its network, encrypt the home folder (you need to install on USB not run live), disable guest login, encrypt Electrum wallet file, and make backups on paper from your seed and passwords.
  • you can also always run a live linux from a DVD, generate a new wallet, write down the seed and turn it off. each time you want to use your wallet you will have to recover your wallet from seed, spend and turn off! it is not as safe but it is one way to do it.
hero member
Activity: 2926
Merit: 722
DGbet.fun - Crypto Sportsbook
I want to invest some more to Bitcoin for longer term. Till now I always used exchanges and blockchain.info to store small amounts. I am worried about running Electrum or any cold storage key generators, because of chance my Windows PC is infected. What are my options? I am thinking if it would be possible to run some Linux distribution with GUI from USB stick, install Electrum wallet on this OS to generate keys and seed words and backing everything up until needed.
It will be more safer if you do make use of electrum instead of exchange wallet and blockchain.info itself yet we have all known 3rd party wallets wont really give you the access into your wallet address and once those services shut down then your coins will be gone forever and theres no chance for recovery.

Regarding to your question, before making any transactions or transfers just make sure you do have a clean PC which arent prone to malware or any keyloggers. If you do make use electrum you can create and be sure to back it up the privatekeys and make your wallet encrypted anytime.
legendary
Activity: 1876
Merit: 3132
I am thinking if it would be possible to run some Linux distribution with GUI from USB stick, install Electrum wallet on this OS to generate keys and seed words and backing everything up until needed.

It is possible, of course. It would be even better if you decided to use a separate laptop without Internet connection on which you could store your encrypted private keys and sign transactions. If you are not going to send your bitcoins often then you will be fine with simply generating your wallet with live CD operating system, encrypting it (doing it either in Electrum or using a third party app such as VeraCrypt) and store on multiple devices in case one fails.
member
Activity: 104
Merit: 10
I want to invest some more to Bitcoin for longer term. Till now I always used exchanges and blockchain.info to store small amounts. I am worried about running Electrum or any cold storage key generators, because of chance my Windows PC is infected. What are my options? I am thinking if it would be possible to run some Linux distribution with GUI from USB stick, install Electrum wallet on this OS to generate keys and seed words and backing everything up until needed.
legendary
Activity: 3808
Merit: 1723
If you had a password set then there is no way you were vulnerable to the json rpc exploit.


I have been using Electrum for some time, since it is much more convenient compared to bitcoin core wallet.
As you said, I set a very strong password. It should be secure enough as long as nobody get my password.

Not good enough.

Passwords can easily be cracked and brute-forced. Also key-logger is an issue.

You need to COLD STORAGE your bitcoin if you want to be really safe.
legendary
Activity: 2926
Merit: 1386
I just installed it. The original wallet takes ages and centuries to load so i decided to give electrum a try. I will use it for loading my paper wallet balance. It looks safe enough, offers 2FA. But right now i don't trust anything which connects to internet when it comes to crypto coins so i think i will transfer my funds back to my paper wallet after i make my purschases.

One thing you might consider is loading the Electrum, saving the password and seed words, doing the work you need to do, including making records of your work, and then deleting the program and data from your computer completely.

The goal here is years later to be able to restore the program. By design with Electrum this should be possible using the password, seed words, notes as to the operating system and computer used, version of Electrum used, etc.

If you are uncertain about this, test it with a wallet with a nominal amount of funds.

Note that if you go this route don't enable 2FA. The chance you'll have the 2FA device such as your current phone five or ten years later is near zero.



sr. member
Activity: 560
Merit: 261
If you had a password set then there is no way you were vulnerable to the json rpc exploit.


I have been using Electrum for some time, since it is much more convenient compared to bitcoin core wallet.
As you said, I set a very strong password. It should be secure enough as long as nobody get my password.
sr. member
Activity: 503
Merit: 286
OPINION:     
ELECTRUM IS CLAIMING TO BE HACKED

I opened my Electrum wallet today, January 18, 2007 and found out that on January 2, 2018 all my bitcoins (7.88014412 btc worth $110,682.86 USD) were sent to the following bitcoin address:1BhbPsVryBx9vBwLgaFRg2jY4Y1dh9i5vf

Electrum is claiming to have been hacked and my coins were stored in Electrum and there was no way anyone could access my computer as it stayed offline and powered down until I needed to access my bitcoins.

Electrum Wallets Were Vulnerable and Nothing Was Done For Two Years. My Bitcoins were either stolen from my Electrum Wallet or Electrum just made Billions by claiming they were hacked. STAY AWAY FROM ELECTRUM!!!

Apparently, Electrum knew about the vulnerability in their software for over two years. They are only claiming they knew about the security issue as of November 24, 2017 and did nothing about it until January 7, 2018 which just happens to be 5 days after my coins were stolen.

Electrum never warned wallet owners of the severity of the security vulnerability and after learning about the problem, they were negligent by not releasing a patch, immediately, to fix the problem. If nothing else, they should have at least informed wallet owners to move their coins out until the problem was fixed.

Read more about Electrum's carelessness about security within their software here: https://motherboard.vice.com/en_us/article/ev55na/electrum-bitcoin-wallets-were-vulnerable-to-hackers-for-two-years-json-rpc

I did not have 2FA enabled but I did have a very long password that had to be entered before funds could be transferred. I also have Norton AV installed and no viruses have been found.

Is there any way you can help me get my money back? or anyone you can recommend that can help me track down the owner of this wallet where my funds were sent to, or recommend someone who knows how I can file a lawsuit against Electrum?

http://bitcoinwhoswho.com/address/1BhbPsVryBx9vBwLgaFRg2jY4Y1dh9i5vf
https://blockchain.info/address/1BhbPsVryBx9vBwLgaFRg2jY4Y1dh9i5vf


Did you check the hashes when you downloaded electrum to verify that it was authentic?

There are people (maybe researchers, not sure about businesses) who specialize in tracking bitcoin, you could look into contacting one of them. I imagine you could set up an alert on the bitcoin address it was sent to. When it gets sent to another address, and so on, perhaps it could eventually be tracked to an exchange.

If you were offline, how did it get sent? The security vulnerability was apparently related to javascript in a website, were you online when it happened?
legendary
Activity: 3682
Merit: 1580
If you had a password set then there is no way you were vulnerable to the json rpc exploit.

jr. member
Activity: 85
Merit: 1

-snip-
I can say for sure that EVERY SINGLE case I ever read about how "Electrum stole me" or "Electrum is unsafe" turned out to be the user's fault. EVERY SINGLE ONE OF THEM. I (plus a HUGE part of the community) am using Electrum for over 2 years and I trust them. Even after this security issue, I have never seen a single case where someone lost their funds due to this exploit. So, IMHO that was (probably) your fault.

1. Norton AV can't find every viruses. And if you had a malware, a big password doesn't mean anything.
2. Are you sure that you downloaded the wallet from Electrum.org? I can remember at least 2 cases where the user claimed that he did while he actually downloaded a fake software from electrumwallet.com or something similar.

Totally feel the Electrum is the safest wallet and that any cases of accounts being compromised is indeed the users' fault... Never had any issues with Electrum or other wallets as a matter of fact.
legendary
Activity: 2758
Merit: 6830
-snip-
I can say for sure that EVERY SINGLE case I ever read about how "Electrum stole me" or "Electrum is unsafe" turned out to be the user's fault. EVERY SINGLE ONE OF THEM. I (plus a HUGE part of the community) am using Electrum for over 2 years and I trust them. Even after this security issue, I have never seen a single case where someone lost their funds due to this exploit. So, IMHO that was (probably) your fault.

1. Norton AV can't find every viruses. And if you had a malware, a big password doesn't mean anything.
2. Are you sure that you downloaded the wallet from Electrum.org? I can remember at least 2 cases where the user claimed that he did while he actually downloaded a fake software from electrumwallet.com or something similar.

Is there any way you can help me get my money back?
I don't think so.

or anyone you can recommend that can help me track down the owner of this wallet where my funds were sent to
That's very unlikely.

or recommend someone who knows how I can file a lawsuit against Electrum?
Probably just a waste of time.

Btw, why aren't you storing over $110k in BTC in a hardware wallet?
newbie
Activity: 23
Merit: 0
OPINION:     
ELECTRUM IS CLAIMING TO BE HACKED

I opened my Electrum wallet today, January 18, 2007 and found out that on January 2, 2018 all my bitcoins (7.88014412 btc worth $110,682.86 USD) were sent to the following bitcoin address:1BhbPsVryBx9vBwLgaFRg2jY4Y1dh9i5vf

Electrum is claiming to have been hacked and my coins were stored in Electrum and there was no way anyone could access my computer as it stayed offline and powered down until I needed to access my bitcoins.

Electrum Wallets Were Vulnerable and Nothing Was Done For Two Years. My Bitcoins were either stolen from my Electrum Wallet or Electrum just made Billions by claiming they were hacked. STAY AWAY FROM ELECTRUM!!!

Apparently, Electrum knew about the vulnerability in their software for over two years. They are only claiming they knew about the security issue as of November 24, 2017 and did nothing about it until January 7, 2018 which just happens to be 5 days after my coins were stolen.

Electrum never warned wallet owners of the severity of the security vulnerability and after learning about the problem, they were negligent by not releasing a patch, immediately, to fix the problem. If nothing else, they should have at least informed wallet owners to move their coins out until the problem was fixed.

Read more about Electrum's carelessness about security within their software here: https://motherboard.vice.com/en_us/article/ev55na/electrum-bitcoin-wallets-were-vulnerable-to-hackers-for-two-years-json-rpc

I did not have 2FA enabled but I did have a very long password that had to be entered before funds could be transferred. I also have Norton AV installed and no viruses have been found.

Is there any way you can help me get my money back? or anyone you can recommend that can help me track down the owner of this wallet where my funds were sent to, or recommend someone who knows how I can file a lawsuit against Electrum?

http://bitcoinwhoswho.com/address/1BhbPsVryBx9vBwLgaFRg2jY4Y1dh9i5vf
https://blockchain.info/address/1BhbPsVryBx9vBwLgaFRg2jY4Y1dh9i5vf
full member
Activity: 364
Merit: 101
There's an upsate regarding Electrum upgrade and I hope they will manage it properly because millions of users won't trust them again. And part of bitcoiners I want to save my bitcoin in electrum wallet.
newbie
Activity: 51
Merit: 0
"News: ♦ Critical vulnerablity in Electrum; SHUT DOWN ELECTRUM IMMEDIATELY and upgrade. Other clients are fine"

https://bitcointalksearch.org/topic/critical-electrum-vulnerability-2702103
HCP
legendary
Activity: 2086
Merit: 4361
December 12, 2017, 10:00:59 PM
#47
Since the wallet.dat file includes the seed, how is it that some transactions could be on addresses not backed up? Eg, one can load the already encrypted wallet file, enter the password, and then can view the seed. Which is what is necessary to generate all the additional addresses. Therefore it is only a temporary problem?
I think he was specifically referring to the user who said that backing up addresses/private keys was a good idea. The issue being that you could get into the situation where you are missing certain addresses/private keys...

Having the seed means you will be covered no matter what. Of course, having BOTH the seed and addresses/private keys is probably "safer"... but really unnecessary. In summary, in my opinion:

Addresses/private keys only = Potentially dangerous
Seed only = Perfectly Adequate
Seed+Addr/Priv keys = Overkill
sr. member
Activity: 503
Merit: 286
December 12, 2017, 07:40:29 PM
#46
Quote

Besides restoring from seed you can also restore from a backed up wallet file and password. However,wallet files can sometimes get corrupted, and you can generate a new uncorrupted one using the seed.

Electrum can use the seed to generate an almost unlimited number of addresses and corresponding private keys. Each time you send coins from one address it sends the change left over to a new address by default. If you only have a few private keys backed up, then make a lot of transactions most of the change left over could get sent to new addresses which you haven't backed up.

There is an electrum setting that forces your wallet to send left over change back to the address you sent from, but you have to manually change the settings to make your wallet do that. If you don't alter the "out of the box" settings your wallet will send change to a new address after every transaction.

Since the wallet.dat file includes the seed, how is it that some transactions could be on addresses not backed up? Eg, one can load the already encrypted wallet file, enter the password, and then can view the seed. Which is what is necessary to generate all the additional addresses. Therefore it is only a temporary problem?
HCP
legendary
Activity: 2086
Merit: 4361
November 30, 2017, 01:35:23 PM
#45
Thanks for your explanation and advice.
All my addresses in Electrum start with a "1", and there is a [standard] at the end of the title.
So it must be a  "legacy" (aka. NON SegWit) standard wallet. right?
Based on the information you have provided... yes, it would appear you have a Non SegWit standard Electrum wallet.
sr. member
Activity: 560
Merit: 261
November 30, 2017, 06:47:32 AM
#44
If I store bitcoin in electrum wallet, can I claim future bitcoin forks?
The golden rule has always been... You need to have access to the private keys to ensure access to fork coins...

Electrum gives you access to private keys... So the short answer is "yes, with a couple of conditions".

Those conditions would be that Electrum MultiSig and/or 2FA wallets have historically been problematic when it comes to accessing fork coins.

SegWit wallets are likely to be just as problematic.

My advice, if you're planning on holding coins in Electrum for the purposes of getting access to fork coins is to use a "legacy" (aka. NON SegWit) standard wallet (Generated addresses should start with a "1") to reduce the chances of issues when claiming.

Thanks for your explanation and advice.
All my addresses in Electrum start with a "1", and there is a [standard] at the end of the title.
So it must be a  "legacy" (aka. NON SegWit) standard wallet. right?
HCP
legendary
Activity: 2086
Merit: 4361
November 30, 2017, 04:26:28 AM
#43
If I store bitcoin in electrum wallet, can I claim future bitcoin forks?
The golden rule has always been... You need to have access to the private keys to ensure access to fork coins...

Electrum gives you access to private keys... So the short answer is "yes, with a couple of conditions".

Those conditions would be that Electrum MultiSig and/or 2FA wallets have historically been problematic when it comes to accessing fork coins.

SegWit wallets are likely to be just as problematic.

My advice, if you're planning on holding coins in Electrum for the purposes of getting access to fork coins is to use a "legacy" (aka. NON SegWit) standard wallet (Generated addresses should start with a "1") to reduce the chances of issues when claiming.
sr. member
Activity: 560
Merit: 261
November 29, 2017, 11:22:35 PM
#42
Based on the reviews above it looks like Electrum is a good thin wallet for Bitcoin.

Is there a similar wallet for Ethereum?
Electrum wallet cannot be used to store Ethereum, Unfortunately it only support Bitcoin, Bitcoin Cash (Fork).
for similarities, I will only recommend you this web wallet, myetherwallet.com


If I store bitcoin in electrum wallet, can I claim future bitcoin forks?
I heard there will be some fork happening in Decemeber.
Pages:
Jump to: