Thanks for letting us know. That's a new one!
|
|
|
best to remove the local transaction and start again via the send tab.
|
|
|
Hi,
I've installed electrum together with EPS and the Trezor HW wallet. When I click receive it gives me an address that was already used before I've started to use Electrum. When I look in the addresses tab, I see that the first 8 address are already used and spent.
How can I skip these 8 addressed and get the first really unused address from Electrum?
That shouldn't be happening. The receive tab only hands out unused addresses. Perhaps electrum wasn't synced when you first switched to that tab? Try restarting electrum. Make sure it's synced and then switch to the receive tab.
|
|
|
look at your browser history and confirm the url you downloaded electrum from ?
|
|
|
You posted some of possible solutions, and both would in any case be better than the current situation. It's been 16 days since the attack started, and only fix in that period is mitigation of problem.
You should complain in that issue: https://github.com/spesmilo/electrum/issues/4968I see there is version of Electrum 3.2.4 (2018-12-31 11:26), but on main page is still Latest release: Electrum-3.3.2 , even more confusion...?
3.2.4 contains a backported version of the phishing attack mitigation for users who can't upgrade to python 3.6. Everyone else should stick to 3.3.2.
|
|
|
I'm not sure if it's technically possible that Electrum use this exploit in a way to show warning message to users, but before any transaction is initiated?
Well first of all Electrum doesn't show update notifications at all. If it were to start now it'll only muddy the waters even more Second the message is by the server you are connected to and the electrum company doesn't control those servers. If it did then they could simply replace the messages with numerical error codes and then the client could display a limited set of meaningful error messages depending on the error code instead of arbitrary messages from the server. This is the proper fix they talked about. In the meantime the electron cash approach might work where they attempt to parse the message from the server and then replace it with a legit error message. Another suggestion was to hide the message from the server under a read more button so that those who actually cared could read it while your regular users won't bother and therefore won't be phished.
|
|
|
Use 3.2.4 which mitigates the phishing vulnerability.
|
|
|
You need to go back and confirm that you have the right xprvs and xpubs. Most likely you are using xprvs for a different set of seeds. Otherwise this cannot happen because electrum orders public keys lexicographically in the multisig script so the same addresses are always generated.
|
|
|
To switch servers you have to go to tools > network > server tab and then uncheck select server automatically and, here's the important bit, right click on a server in the list and choose use server. double clicking doesn't do it
|
|
|
@Lucius edit: that guide is just wrong. he's asking people to trust the site for the key id: At the top of the download page of the Electrum website you will see a mention reading: Sources and executables are signed by [Someone name here] Click the link on the right of this mention. It will show you details of the PGP public key of the author, including the keyId. Copy this keyId. (for example, at the time of writing this article, it was signed by Thomas V, and its keyID is 7F9470E6).
Besides the short key id he's using there is unsafe. My suggestion is to link people to this guide or this one instead.
|
|
|
No it isn't. The air gapped PC has no idea about your past transactions so it can't create a spending tx. What you should do is go online since you are using a trezor and it is designed for online use. Otherwise you could try creating a watch only wallet with your mpk (wallet menu > information) on an online system and doing the whole cold storage sneaker net dance. But it makes no sense to own a trezor and then keep it offline as well. Why spend on a trezor if you don't want the convenience and security of being able to use it on an online system?
|
|
|
Wait till you here about deterministic wallets
|
|
|
Well if you know what you are doing you don't need to use the electrum 2fa wallets. You can create your own multisig 2fa setup using 2 devices like a pc and a phone and save fees that would otherwise go to trusted coin and the electrum developers. So the people using 2fa are relative noobs and it is important that restoration from seed be relatively painless for these guys. When you restore from seed electrum can automatically detect that it's a 2fa wallet. So that's why there's a 2fa version.
|
|
|
Abdumassad is kind of right. . However, p2pkh multisig is the same address and extended public key so it's the same derivation path. I'm not sure if that's what you meant with the list?I'll check out that tool anyways.
You're right about this. non-2fa multisig wallets don't have a separate version encoded in the seed mnemonic: https://github.com/spesmilo/electrum/blob/3.3.2/electrum/version.py
|
|
|
@jackg I updated that script to work with electrum 3.3.2 just now. If it's not working for you try the newest version.
|
|
|
@artofwar Please lock this thread and continue this issue on github. On github you get the devs' attention. Over here we are just volunteers.
|
|
|
Your seed words are the human readable representation of the entropy that you use to generate your keys. There is no difference* between a SegWit seed and a regular seed, in the end you are generating "private keys" and in bitcoin we only have one type of private key!
This is not true in the case of electrum. It encodes the script type in the seed mnemonic and that's how it knows whether to generate p2pkh, p2sh multisig, p2wpkh or p2wsh multisig addresses. It doesn't let you mix the various types in the same deterministic wallet. jackg see the last sentence that I wrote above ^ Regarding xpub to zpub you will have to convert the key using software because there is a checksum and it won't validate if you simply change a letter. Here's a script that can do it for you.
|
|
|
anyone, please help.
see post #9 above. edit: i see you posted it on github. good.
|
|
|
You may be able to do it in your operating system. I know in KDE you can disable notifications on a per-app basis.
|
|
|
What version of electrum are you using? If it's 3.3.2 then you should make an issue on github. Otherwise update to the latest and greatest first.
|
|
|
|