Hey guys! After recent issues with Electrum hacks I've got worried about my funds and changed the password for my wallet. But the reason I'm creating this thread is that recently we see such reports too often. I like electrum and would like to continue using it but some questions have to be asked:
Although changing the password is usually a good measure, in case of these hacks that would not help at all.
And for the other questions, I should better start with what these "hacks" were about.
Electrum is a SVP wallet. It relies on a number of servers to check/validate/rely transactions, check funds and so on. These servers are maintained by various people around the world, you can make one yourself.
The "hackers" made a number of "bad" servers, which used to send a message to the users connected to them to update Electrum, providing a link to a fake Electrum, which was stealing the funds if ran.
The fix is a version of Electrum that doesn't allow such messages get received anymore.
1. Pretty much money were stolen due to such hacks. Does any one got any compensation from the side of devs that allowed such things to happen? I know that the question is naive and everyone probably got nothing but anyway...
Since the users installed the bad software themselves, it's partly their fault too. Also Electrum is free software, you can choose to use it or not. So no, no reimbursements afaik.
2. Is it safe to use old versions of Electrum? Considering that some errors, asking to update wallet might be a malware is it safe just to stick to one wallet?
It's not safe to use old versions of Electrum. Those will show the fake upgrade message. Also the "good" servers nowadays don't allow old Electrum connect to them.
The users should go to electrum.org, make sure that's the site, download the newest version (3.3.4),
check the signature to make sure it's the correct thing and then install.
3. Anyone thought about creating an official Telegram channel? I see on the website that they got twitter but twitter is turning into a huge pile of crap while Telegram is becoming more popular each day. It would be nice to get notifications about any changes there.
Thanks in advance.
I don't know about a telegram channel. But that would need time spent by somebody to keep it alive and clean, I guess. Time spent by somebody for free.
Normally one should simply go to the website every time something is not clear. Also this part of the forum is for Electrum users, ask here and you'll get answers.
Edit: added the hyperlink to the posts explaining about signature checking.
I'd also add that if you want to sleep easier, you should:
1. Keep offline the coins you don't spend for long time. Safely generated (you can search how to do that) and printed/written down paper wallets are pretty safe.
2. For the normal spending coins, if the value is big enough to make it worth it, you should consider buying a hardware wallet. You can get one for under 70$.