Bitcoin Forum

I just upgraded to MultiBit (I know, I know) and I see that it stores your BTC in a wallet and that it has to talk to a server to get updated. I've been burned by "cloud" software before, so does anyone know if the Multibit server goes down or they go out of business if my wallet will still operate properly?

I'd hate to lose >20 BTC because Mr. Multibit didn't pay his server bill this month :D

multibit server? i think you have some confusion there, multibit is just a light version of the client Core, multibit operate with nodes(and you are one of those nodes), there isn't a centralized server to which you connect

There's no cloud, you can always export your privatekey to other client and use your bitcoins.

Maybe I'm wrong, I thought when it said "Synchronizing" that it was syncing with the multibit server somewhere. Glad to see that's not true.

The MultiBit(HD) client tries to lookup on the MultiBit HTTP(S) server if there is a new software version, and looks up for help pages. If the MultiBit HTTP(S) server is down, You can still use Your MultiBit(HD) client.

You can see what happened the last time when the multibit.org site was down and an explanation by Jim from MultiBit here (https://bitcointalk.org/index.php?topic=1096832.0).

I think You could simulate and test that also by blocking the IP address that resolves from multibit.org in Your computers firewall.

The commenters on the MultiBit architecture are correct.

MultiBit HD connects directly to Bitcoin Core/XT nodes to:
+ get transaction data
+ send transactions

It connects to multibit.org for various housekeeping things but fails over and keeps going if multibit.org is down.
Specifically:
+ it checks a file on multibit.org to see if there is a new version(no multibit.org = no upgrade notification)
+ it gets the help from multibit.org (fails over to a local copy of the help - it'll be a bit out of date but no big deal)
+ if you create a new wallet it does a BRIT exchange to get a list of fee addresses (fails over to a hardwired list).

In V0.1.1 you no longer will see an annoying 'MultiBit HD - internet connection' dialog if our server is down - we've fixed that.

tl;dr; If the multibit.org server goes down you can carry on using MultiBit HD for all your bitcoin related tasks.


Blocking multibit.org in your firewall would be a good way to simulate that yes if you wanted to test it. Please unblock it once you've run the test ! :-)

So where is this node? It's a server isn't it? I know that the server can't spend the coins but still, he knows all addresses in that wallet, right? Its similar to electrum as long as iam not wrong.

So theoretically i see a risk.

The "node" he's talking about is the bitcoin network of servers, not Multibit.



Thanks Jim, I get it now. Now if only you'd make it so we can solo mine against Multibit :D





TLDR: Still using Multibit.

As long as you have your private keys, it does not matter what wallet you use.
So no need to panic. Just export your private keys and store them safely. Also print them on paper and store safely.

As long as you have your private keys, you can always recover your Bitcoins using numerous other wallets even if Multibit goes out of existence.

Nodes are not servers, they are Bitcoin Core/XT clients which opened inbound connections. See https://bitcoin.org/en/full-node.

Oh, right... i don't know how i forgot what it meant. :P

But Multibit doesn't store the blockchain, so still nobody except the multibit wallet knows all the addresses in that wallet?

It's different to electrum where the servers practically know all the addresses in a electrum wallet?

Sorry for asking you out. :)

Electrum does not store the blockchain too.


No. An attacker can know, if not all, most of your addresses but I don't know if Multibit is using a modified BitcoinJ which solves this problem.


Yes but Multibit's connections to nodes are unecrypted which is far less secure than Electrum's connections. You can add some watch-only addresses which do not belong to you to create false-positive.


No problem.

Thanks for explaining to me Muhammed Zakir. I didn't know that Multibit has unencrypted traffic. :O

But i think electrum is more dangerous. I mean an attacker only would need to set up a server and he would get all the wallet addresses. Im not sure if a wallet needs to connect to him first but the auto connect is enabled by default. And when it's disabled then im still not sure if electrum isn't sometimes connecting to the other servers.

So i think electrum is a mess anonymitywise.

no servers, i have been using it for the past year and have had only one problem... my payment from genesis mining didn't come through for a week, turns out it was genesis mining not the wallet :D

All the traffic to and from Bitcoin Core nodes (and between them when they relay transactions) is unencrypted.

See jim618's above post.


You can choose an Electrum server manually and to create false-positive, you can add watch-only addresses to your Electrum. Nonetheless, both Multibit and Electrum has its own downsides. You will have to make right choice.

http://www.thomasmonaco.com/electrum-vs-multibit-bitcoin-thin-client-comparison/ maybe helpful. Note that, this article compares Multibit Classic and Electrum not Multibit HD.

Wait, so Electrum isn't secure?


Say you wanted to put your retirement savings into BTC, like for instance you live in Greece... Putting it in an Electrum Wallet with the cold storage guide here  (http://electrum.orain.org/wiki/Cold_storage)isn't "set-it and forget it" secure?

IF that's true then the guys at Bitcoin need to get their butts together to better prevent theft or cryptocurrency will never take off as a replacement for fiat on any scale that makes it feasible.


edited for readability. Brain gets ahead of fingers sometimes. :)

Electrum is[/is] secure and so does, Multibit.

What do you mean with false positives?

The thing is that you never know who is behind an electrum server. Could be someone who wants to know what addresses are in certain wallets and wants to do whatever with it.

Adding someone elses bitcoin address (as watch only ofc) will create wrong assumptions when someone wants to detect which address are yours and how much bitcoin you have.

Can you expand on this some?

Thanks for this. I too was wondering.

When you are using electrum you get the all data from a server. If this server wanted to spy on you, they could know all your addresses and the balances. They cant spend your coins and if they would block your transactions you would probably connect to a different server. I assume the default configuration connects to a different server from time to time anyway, but lets assume you manually select a specific server for this. As above this server knows for which addresses you request information. If you now add a watch only addresses from a stranger you would also request information for that address. This could lead to false information about you. You cant actually spend those coins as you dont know the private key, you just know the address. For the server however it looks like the address is yours. Thats what Muhammed Zakir was refering to as "false positives". Its a positive in regards to "does address Y belong to X?", but in fact Y does not belong to X.

Thank you for clarifying! That makes sense. So tell me this, if I were say, the government of Greece and I wanted to monitor all BTC transfers and tax or even ban a user, I could buy the Electrum server and boom, I'm in business.

That's a little scary.

Not exactly, you would have to make sure every citizen is using your server which is next to impossible. Its also very difficult (even for a state) to connect an IP address directly to a person. Most IP addresses are used by several persons and they can easily be hidden, e.g. via Tor, a proxy or a VPN.

But if I owned Electrum then I would own all the electrum users, correct? By own, I mean I can know their balances, tax them, and/or block them from accessing their funds.

Nope, anyone can run an electrum server and since electrum is open source people can check for backdoors in the code (wallet and server).

Is this a feature of Multibit? I'm not aware that this can be done with Electrum, for example. Or do you speak about posting addresses? Sounds risky, if such address can be connected to other addresses that belong to a spammer then you might get red trust. Of course one could simply use an address from a websites wallet.

You can do this with Electrum, I posted a link above.

I nearly did not find your link about the cold wallets but the link about false positive addresses i can't find at all. Can you give the link again or point me to the thread you posted it in?