AV's can be circumvented in less than 5 minutes. I can give you a proof.
Send me some malware which is being flagged as a trojan / malware / etc.. I will send you back the same application, obfuscated without any AV recognizing it as malware anymore. That's a trivial task.

Also, a firewall doesn't protect you at all in this scenario. A firewall is managing rules for incoming / outgoing traffic.
If YOU download and install malware (either by installig it manually or trough a drive-by download on a malicious website) and the malware does not try to connect to a C&C server (which is not necessary in this example to steal your coins), your firewall can't do anything (simply because it is not the job of a firewall).

And the password protection does only help if the malware tries to steal the private keys / creating a transaction instantly after installation.
If the malware waits until electrum is open, and then frequently checks if the wallet file is decrypted until stealing the coins, the password protection is useless in this scenario.




There are a ton of threads here stating that user have lost coins from electrum. Most of them are blaming ThomasV and want their money back (simply because they have no clue at all and are extremely easy targets).

Easy-to-use and user-friendly wallets will never be abandoned. As long as there is an 'easy' way to do something - even if it is way less secure - it will be favored by a lot of people (especially clueless people).

pooya87 is right.

All (proper) walllets use the same mechanism. They use one seed (not mnemonic, but seed) which has been generated with a good amount of entropy (usually 256 bit) to derive all private keys.
Some wallets (the majority, excluding bitcoin core) do encode this seed via BIP39 which then gives you the human-readable mnemonic code composed of 12 / 24 words.

In the end, it is all the same. Just the depiction of the big random number (seed) differs.

Security-wise it doesn't matter how you encode the seed. All that matters is the entropy used to generate it.

That's only half-way true.

It heavily depends on the use case and on the kind of attacks you want to secure yourself against. For example:

• Against the low-severity-message-showing vulnerability which does nothing else but showing a message: Common sense
• Against malicious versions of electrum: Verifying the signature
• Against some browser exploits (no drive-by downloads): Protected by a password
• Against malware on the computer: Only offline- / hardware wallets help (being passsword protected doesn't help much - the next time he is decrypting his wallet file, the malware will steal everything. It takes about 5 minutes to make malware no longer being detected by AV's. AV's only help against very popular and often seen non-polymorph malware.
• Malware being installed in an evil-maid scenario: Wallet file encrypted + Filesystem encrypted + Booting from USB deactivated + BIOS password set
• ...

There are a lot of scenarios which all require different defensive mechanisms to protect against them. I listed just a few, the list is - by far - not complete.
It depends on how much BTC you want to store, how secure you want it to be stored and how paranoid you are about your security.

But IMO an AV + encrypted wallet file is NEVER enough. Especially not if you are using a windows machine.
It is just way too easy to infect a windows machine and to steal all BTC once the user opens his wallet file. It is terrifying easy.

4 of them (Browser, network, software, email) are circumvented by storing your coins offline.

A strong password is necessary to be secure against physical access (e.g. hardware wallet / cold wallet on a computer).
Regarding the hardware wallet: Most do wipe the data after X wrong attempts to enter the pin (e.g. ledger nano after 3 times).
Regarding the cold wallet on a PC: You could use an encryption algorithm with tons of iterations to slow down the decryption process -> Bruteforcing no longer possible even with only a 6-8 char alpha numerical password.




Simple question.

If your coins are stored on a hardware wallet: Nothing lost, you still have full access as the only person.

If your coins are stored on a desktop- / mobile wallet:

• One should always have his wallet protected (encrypted private keys trough password / android mobile always encrypted (which is default with android 7+) + no developer mode + not rooted + locked with a pin)
• One should always have a backup of the seed used

If both points apply, it is not a problem within the next few hours / days / weeks in which you should recover your coins with your backup and send them to a freshly created wallet.

Correct.

And that's exactly one of the reasons why you should use open source encryption software.
You are guaranteed to see what is happening by looking at the source code.

If you don't know how to read the code - or don't want to - look for an application which has been reviewed by multiple security professionals and is widely used by a large user base (e.g. VeraCrypt).

It is worth to mention that NOTHING is 100% safe. Bugs / mistakes always happen. The question is just whether it can be exploited to gain sensitive information and how trivial it is to perform such an attack.
But with open source software you are 'guaranteed' to have less bugs / errors than in proprietary software (More people reviewing the code - and not just the developer who miss the forest for the trees).

Simple answer: Mathematics.

Even with constantly increasing computing power, there are encryption algorithms which are (mathematically proven) secure.
RSA with a key length of 2048+ bit is safe for the next 10 years for example. 4096 bit keys are secure beyond 2030.

Same applies to AES with 256 bit. It is safe to use beyond 2030. Another good alternative is to use ECC.


In 10+ years, you could simply send all of your coins to a different address and encrypt that private key with a (more modern) encryption algorithm to have it secured for another period.




They don't find a way to "decrypt that encrypted mail", but to "break an encryption". And this - depending on the algorithm - is not possible, which is proven mathematically.




Security through obscurity is a very very VERY bad approach.
Just google it, you will find tons of arguments why you should never rely on this.

I often hear people about complexity vs. length when talking about password security.

There is a simple answer to this: length.


Lets look at it:

Complexity:
We got a charset of 26 (lower case letters) + 26 (upper case letters) + 10 (numbers) + 32 (special characters) = 94
Now with a 'normal' password length (8 chars) we got 6.095.689.385.410.816 possibilities.

Length:
If we look at lowercase letters only, we got a base of 26.
A password with a length of 12 has 95.428.956.661.682.176 different combination and already is about 15 times stronger than a complex password with 8 chars.


Increasing the exponent (charset^length) is way more efficient than increasing the base.

A lowercase password with the length of 12 is hardly arguable better memorizable than a 8 char password using lower+uppercase, numbers and special chars.


So, if you want to create a strong password, rather pass on complexity, and increase the length by a few more characters.

It seems like the majority of people still don't know how the email protocol works.

EVERY mail server (again: EVERY) between you and your recipient can read the mail in plain text.

It is (and never was) a good idea using (non-encrypted) emails to transmit sensitive information.
The email protocol is from 1980. It is extremely outdated and not secure at all.

Just because it is used everywhere, it doesn't mean it is something good / safe / secure.


Actually, you shouldn't store private keys on a device which is connected to the internet at all. Storing them on a mail server is just plain dumb.

This doesn't make sense.

Noone can 'hack an address'.

Either someone compromises your computer / mobile / wherever you store your private keys.. then he has access to ALL private keys stored there. Doesn't matter if you have your coins on 1 or multiple addresses.
Or someone gains access to your seed (which you have stored on a piece of paper (e.g. evil maid) / on your computer (very bad practice) / etc..). In this case the attacker also gains access to all of your coins. Regardless how they are split between multiple adresses.

With small amounts on a lot of addresses, you are increasing the size of the transaction. The more inputs are consumed, the bigger the transaction is.
And the bigger it is, the more fees you have to pay.


Bittrex is currently holding ~128.000 BTC in their cold wallet - on 1 address: https://live.blockcypher.com/btc/address/385cR5DM96n1HvBDMzLHPYcw89fZAXULJP/.

Your first transaction went trough successfully.
If they still don't show as received on bitpay, you have to contact their support. They are the only one able to help you, because they already have received the coins.

Regarding your second transaction, it seems that it hasn't confirmed because of a fee which was too low ? Without looking at the transaction we can only assume what happened.




His second transaction IS the one stuck. The first one went trough successfully.
So, if his 2nd TX used inputs from the first one, this can not be a reason for it still being unconfirmed (inputs confirmed already).

There are a lot of possibilities. To just name a few:

• OP mistyped and did not really download it from electrum.org (e.g. eelctrum.org)
  
  
• OP has been a victim of a MitM-attack (e.g. he didn't verify the server certificate)
  
  
• Some malicious person poisoned his DNS cache and redirected "electrum.org" to a malicious website.

There are a lot more, but those are the most often seen ones (which are relatively easy to accomplish too).
Thats one reason to ALWAYS verify the signature before installing a wallet. This is the only way to be sure to have exactly the software which ThomasV has signed.

I fixed that for you..

No, honestly.. It is being estimated that more than 50% of tor exit nodes are owned by federal agencies.
Of course this is just an estimation because you will never know the real number. But i believe this is coming very close to the real number.

That's one reason why i always say that using tor is not enough to stay completely anonymous on the internet. It is a good beginning, but definitely not enough if your life is depending on anonymity or someone technically very skilled is hunting you.

This is not possible to quite a lot of reasons.
I will list a few without a in-depth explanation because i think it really is not required here:

• IPs are given out dynamically
  You might have a specific IP today, a different tomorrow and a completely new one the day after.
  
  
• 'Adresses' do not exist on a technical level. An address is just a readable format for humans.
  On a technical level, transactions have public keys as 'receiver / sender'.
  
  
• 'Adresses' or public keys, are generated by doing mathematical operations on the private key.
  You need the private key (very big random number) FIRST, then you can create a public key out of it (and therefore also derive an 'address').
  
  
• Most internet user are sitting behind a NAT from their ISP.
  This is due to the fact that there are way too much internet devices than IPv4 addresses (there are 4,294,967,296; from which a lot of them can't be given out because of being reserved etc..)
  While you might see your 'public IP', you can't be reached from outside at this IP. All of your packets are getting routed through the NAT which changes your IP to the 'real' IP (the one from the ISP).
  Answers are getting translated and getting routed into the ISP's subnet to your 'internal public IP'.
  
  
• The time of IPv4 addresses is coming to an end (see previous point).
  There is a (very) slow transition onto IPv6 going on (which will have an IP space of 3.4 * 10³⁸ IPs.
  So the whole IP format is going to change anyway.
  
  

And.. most importantly.. it is not necessary at all. You would gain 0 benefit from it.
In fact, it wouldn't even make sense.

That's what they promise.

But in the end it is a centralized service hosted on a centralized server.
You are not encrypting anything with your / the recipients key.


This is neither safe / secure nor anonymous at all. They get access to your IP, browser, OS, screen resolution, etc..
Just because they SAY that they don't keep the data, you can never be sure.

You have to TRUST the people behind privnote.com to exactly do as they say.


If you TRULY wan't to securely communicate (encrypted), use signal. This is the de facto standard in encrypted and secure communication.
It is open source and has been audited by many security firms and private cyber security researcher.


If you additionally want to hide *any* kind of metadata (which is not as easy as it might sound), you NEED to route your whole traffic trough the tor network (which - by itself - is not enough to be completely anonymous).

You might consider switching to windows 10.

Windows 7 is outdated and - by far - less secure than windows 10.





As others already mentioned, there is no electrum 4.x.
It seems like you have downloaded a fake wallet.

Unfortunately there is no way for you to get your coins back.
But do NOT send any coins to any address whose private key is stored on your computer.

To be safe, backup your important files, format your hard drive and reinstall windows (preferably windows 10).
This is the only way to be almost completely sure your computer will be clean (Exceptions exist: Rootkits for example, even tho i don't believe those wallet scammers even know what this is, let alone how to create one).




You 'believe' ?
If you didn't download ThomasV's public key and verified it with the signature file, you didn't.
And if you did, you would remember.




There is no 'default seed'.
Each seed is individually created. This might be another hint that you have a malicious (non-original) electrum version installed.




Never share your seed with anyone. Everyone with access to your seed has access to your coins.
Also.. never store the seed on your computer. It creates a lot of risks and ways to steal your coins. Only save it offline (preferably on a non-digital device) or inside of a hardware wallet.

Especially for not that techy user, a hardware wallet is the best option to securely store coins.

If you didn't initiate the (outgoing) transaction, chances are extremely high that your computer is somehow infected with malware.

Please answer the following questions:

• What OS are you using ?
• What AV software are you using ?
• What version of electrum are you using ?
• Where did you download electrum from ?
• Did you verify the signature of the electrum executable ?
• Did you create your wallet (seed) yourself ?
• Did you share your seed / wallet file with someone else ?
• How do you have your seed stored (written down on paper / on a text file digitally) ?
• Does anyone else have access to your written-down seed or computer ?

My assumption would that you have downloaded a scam / fake electrum (high probability) or your seed is compromised (high probability).
Another option would be that your computer is infected with malware (medium probability).


But since the outgoing transaction has been sent 5 mins later, i assume that your seed is compromised.
Simply because if it was a fake wallet, the transaction should have been created instantly (IMO). But a script which checks all compromised seeds might take a few minutes to check the same seed again. Therefore the 5 minutes gap.
I am not sure about this, but that would be my assumption.

We need more information to help you properly. Therefore make sure to answer all questions from above as precisely as you can.

Electrum explicitly tells you to write the seed down. And you even have to enter it afterwards to make sure you have wrote it down correctly.

Did you create the wallet yourself ?

Digital files can get corrupted. Hard drives can get corrupted.
The most important piece of information (and the only real way) to regain access to your BTC in case of something happening (e.g. Hard Drive broken, Files corrupted, Broken update, etc.. ), is to have access to the seed.


I'd suggest doing what HCP mentioned.. create a new wallet ASAP, write down the seed and send all of your coins to that new wallet.
This is mandatory to be safe against any sort of software-/hardware failure.

He said he was using the electrum which came preinstalled in tails.

This means:
1. It is the original electrum, and not a fake or scam version
2. It is outdated. I believe electrum 3.1.3 is shipped with the latest tails (not completely sure about that). Definitely too old to connect to electrum server and not recommended to be used anyway.

---

@OP
Consider closing this thread if your issue has been resolved (Bottom left of this page -> lock topic)

Open source doesn't guarantee to have less security flaws.. but it doesn't need any trust into the developer anymore.
Anyone is free to investigate the source code. Verify, don't trust.

I wouldn't say that an open source software gives an opportunity to a malicious person. Security by obscurity is - and always was - a bad idea.
If you have vulnerabilities in your code, they will be found. Doesn't matter whether open source or not.
But, with open source you may have some good guy find the vulnerability.. in a closed source project you are almost guaranteed that the vulnerability is being found by a malicious person.




Honestly, this alone shouldn't be a reason to trust a wallet software.
It's not necessary in bither's case anyway, but worth to be mentioned.

---

@OP
I would recommend mycelium. I am using it quite often and have nothing to complain about.

Actually, this is a (very) bad idea.

Wallets (containing private keys) created this way are called 'brain wallets'.

The reason this idea is bad, is because the human brain can only 'create' a very small amount of entropy.
Even if you believe your text phrase is completely random, it will in fact be WAY less random than a computer could produce it.
A human brain is said to be able to produce about 20 - 30 bits of entropy. Thats extremely low in comparison to 256 bits of entropy.

Using sentences or phrases from a book is an even worse idea. Cracking brainwallets is doable and can be quite profitable.
Cracking randomly generated private keys on the other hand, is not possible.