How difficult would it be for an Electrum server operator to go rogue?

[linuxnewbie]

Hello.

How difficult would it be for an Electrum server operator to go rogue and steal my BTC balance?

[Stephen Gornick]

How difficult would it be for an Electrum server operator to go rogue and steal my BTC balance?

Your Electrum client holds the private keys, not the Electrum server.  The transactions are signed by the local client, so they are never sent to any server.

What is a potential problem is that the server does inform the client of payment transactions received.  So this would be a risk in the case where you are receiving bitcoins in exchange for cash.  Your Electrum client says you received bitcoins, you hand over the cash, and only then when you try to spend those funds do you discover there was no actual payment.

A remedy could be to perform independent verification on all payments received (e.g., using Blockchain.info or other) before trusting those payment notifications.    [Edit: If Electrum does SPV (thanks btcven for point that out) then this risk does not exist as I've described it.  Perhaps someone can answer specifically as to how the client specifically is protected against a server that lies about payments received.]

Here's the Electrum Wiki page:
 - http://en.bitcoin.it/wiki/Electrum

[btcven]

Electrum also use SPV to check the information received from the server. You can always use random servers and switch them to check if you are receiveing your actual balance.

[linuxnewbie]

Thanks!

So Electrum is as secure as a paper wallet?