Bitcoin Forum
Author Topic: Electrum ate 9 BTC!  (Read 1872 times)
djdollabill (OP)
March 06, 2013, 04:48:31 PM
 #1

Be warned, if you're not careful, a brainwallet setup of Electrum can eat your BTC.

The idea is to store private keys on a thumb drive, encrypted with TrueCrypt.  Ya with me so far?

Run standalone Electrum to do a transaction.  Import the private key.  Pretty straightforward so far.

Sent BTC to ***.  There were 9.5 BTC linked to that private key.  Sent 0.5 BTC. 

Electrum made a change wallet that I THOUGHT was linked to the original private key.  It turns out the change wallet is probably linked to the "seed" of the Electrum wallet that it makes when you start a new electrum.dat file.

I then deleted electrum.dat on that computer because, you know, hackers.  Of course that electrum.dat file had the seed for that new change address.

So you can see what happens next (perhaps there are a few people who understand where this is going): I got home and checked the Armory wallet, which now showed a zero balance. WTF!   Where did the BTC go?

Well, check blockchain.info and there they are, in a new address, private key unknown.

Please, Mr. Electrum, whoever you are (Dr. Electrum?) consider the following:
1.  Disable change wallets by default
2.  Allow users to start the standalone proggie by EITHER creating a new wallet in Electrum OR importing an existing private key.
3.  Linking change wallets to the imported private key instead of the Electrum wallet if there is an imported key, or at least give us the option.  Armory is more careful about that, and I think intuitively I assumed (incorrectly it turns out) that Electrum would be the same.

The program works pretty well, but if you intend to use it on an offline thumb drive, you had better be careful about where your change goes. 

I learned an expensive lesson: transactions, even small ones, are not trivial and involve potentially all the dough linked to that private key.

So now that my change wallet is "dead" I wonder what happens when all 21 million BTC succumb to a similar kind of entropy?  Sooner or later, missing private keys will affect lots of BTC, perhaps all of them.  At least with cash, it's a zero-sum game, someone loses $100 on the street, someone else picks it up and uses it.  In this case, the loss is more analogous to a pile of bills catching on fire.
Gabi
March 06, 2013, 05:06:20 PM
 #2

I opened a thread about that some weeks ago; the problem is that almost no one knows about this "change" thing. If you spend some of your coins, the change will go to a NEW address...

Quote
I wonder what happens when all 21 million BTC succumb to a similar kind of entropy?
All? Everyone? Even the last satoshi? Unlikely. If only 1 satoshi survives? Then it will be divided between everyone. That's the beauty of digital things.

djdollabill (OP)
March 06, 2013, 05:15:58 PM
 #3

Quote
I wonder what happens when all 21 million BTC succumb to a similar kind of entropy?
All? Everyone? Even the last satoshi? Unlikely. If only 1 satoshi survives? Then it will be divided between everyone. That's the beauty of digital things.

Thanks for the thoughtful response...I agree even one satoshi would still have value, but one satoshi worth $200 million isn't all that useful, IMHO.
Gabi
March 06, 2013, 05:18:49 PM
 #4

Then divide that satoshi into 21 million satoshis, every one of them divided too, like today.

djdollabill (OP)
March 06, 2013, 06:13:05 PM
 #5

If everyone agrees, I guess that's what could happen--it's just software, right?  Currencies re-value all the time.

It's like the final scene in Men In Black, where they zoom out and the whole universe is just a marble for aliens to play with on a beach.  That's what BTC could become over and over.
Blazr
March 06, 2013, 06:20:50 PM
 #6

The mistake you made is you didn't protect the seed.

Electrum is a deterministic wallet; all you need is the seed, and every address, including all change addresses and any future addresses you generate from that seed, will be safe.
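
The situation described in posts #1 and #6, modeled as an added example (not part of any post in this thread and not Electrum's code): a spend from an imported key sends its change to a seed-derived address, and a pre-wipe check reports outputs that no backup covers. The HMAC derivation is a stand-in for Electrum's real algorithm, and every name and value here is constructed for illustration.

```python
import hashlib
import hmac

IMPORTED_KEY = "constructed-imported-private-key"  # constructed; kept on the thumb drive
WALLET_SEED = b"constructed-wallet-file-seed"      # constructed; exists only in the wallet file

def derive_key(seed, index, change):
    """Stand-in for deterministic derivation (NOT Electrum's real algorithm):
    the same seed always reproduces the same key for a branch and index."""
    branch = b"change" if change else b"receive"
    return hmac.new(seed, branch + index.to_bytes(4, "big"), hashlib.sha256).hexdigest()

def address_of(key):
    """Toy address: a one-way hash of the key."""
    return "addr_" + hashlib.sha256(key.encode()).hexdigest()[:12]

def spend(utxos, source, amount, change_addr, payee="addr_payee"):
    """Consume the whole output at `source`; the remainder goes to
    `change_addr` as a new output. Amounts in satoshis, fees ignored."""
    total = utxos.pop(source)
    if amount > total:
        raise ValueError("insufficient funds")
    utxos[payee] = utxos.get(payee, 0) + amount
    if total > amount:
        utxos[change_addr] = utxos.get(change_addr, 0) + total - amount
    return utxos

def unrecoverable(utxos, own_addrs, backed_up_keys, backed_up_seed=None, scan=20):
    """Own outputs whose key is in no backup: run this before wiping a wallet file."""
    covered = {address_of(k) for k in backed_up_keys}
    if backed_up_seed is not None:
        for i in range(scan):
            for change in (False, True):
                covered.add(address_of(derive_key(backed_up_seed, i, change)))
    return {a: v for a, v in utxos.items() if a in own_addrs and a not in covered}

def scenario(seed_backed_up):
    """Post #1: import a key holding 9.5 BTC, send 0.5 BTC, then check backups."""
    source = address_of(IMPORTED_KEY)
    change_addr = address_of(derive_key(WALLET_SEED, 0, change=True))
    utxos = spend({source: 950_000_000}, source, 50_000_000, change_addr)
    seed = WALLET_SEED if seed_backed_up else None
    return unrecoverable(utxos, {source, change_addr}, [IMPORTED_KEY], seed)

if __name__ == "__main__":
    print("only the imported key backed up:", scenario(False))
    print("seed backed up as well:         ", scenario(True))
```

With only the imported key backed up, the check flags the 9 BTC change output; with the seed backed up as well, nothing is flagged.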

djdollabill (OP)
March 06, 2013, 09:09:29 PM
 #7

The idea is to use Electrum on a thumb drive with offline addresses.  You could use a random computer, run electrum, import the key, pay someone, then log off and wipe the electrum.dat file.  The point is to not need to record seeds between uses--nothing is stored on the host computer, only my thumb drive.  I don't want to leave forgotten .dat files everywhere I go.  I guess you could put the .dat file in the same directory as the electrum executable, but the program now leaves them in C:\Users\Mike\AppData\Local\Electrum, which is too easy to forget to clean.

This is a brainwallet idea, in which you only need to remember your TrueCrypt password to decrypt a thumbdrive partition.  Sure I know Electrum uses a brainwallet idea too, but I want to remember "my" brainwallet password, not one defined by the program.

To me, single-use Electrum with encrypted private key file is the simplest way to pay someone with Bitcoin.  It's pretty easy to encrypt a thumb drive using TrueCrypt to store the keys as a plaintext file.  I would prefer this over even an electrum.dat file.

I don't think I trust a cell phone with private keys.  If I lose the phone, I lose control over the keys.  Also, I use an old Palm Pixi that can't run an Android app.  Also, can't hackers somehow get into my phone and try to steal my keys?  A phone as a mobile payment platform is a hotwallet.  If newspapers in London can hack cellphones, can't Bitcoin hackers?

So I still beg you (and I appreciate you responding to my post) to consider updating Electrum to avoid this change-wallet problem.  If a user imports a private key, BTC-change should go to addresses under that private key.

Regards,
Mike