Bitcoin Forum
January 21, 2018, 10:48:36 AM *
News: Latest stable version of Bitcoin Core: 0.15.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: Time to move from Electrum  (Read 159 times)
shamzblueworld
Hero Member
*****
Offline Offline

Activity: 574


View Profile WWW
January 08, 2018, 01:07:58 PM
 #1

So as you can see from the notice above, ( https://bitcointalk.org/index.php?topic=2702103.0 )
Electrum is vulnerable, and has been for quite a while. Its just that they have discovered it now, and also that their first fix wasn't a fix either, that have upgraded it again.
I for one am not feeling much better after this upgrade either, because tomorrow maybe another one like this.

So is it time to move from electrum to another option?

What do you guys think?
1516531716
Hero Member
*
Offline Offline

Posts: 1516531716

View Profile Personal Message (Offline)

Ignore
1516531716
Reply with quote  #2

1516531716
Report to moderator
1516531716
Hero Member
*
Offline Offline

Posts: 1516531716

View Profile Personal Message (Offline)

Ignore
1516531716
Reply with quote  #2

1516531716
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1516531716
Hero Member
*
Offline Offline

Posts: 1516531716

View Profile Personal Message (Offline)

Ignore
1516531716
Reply with quote  #2

1516531716
Report to moderator
1516531716
Hero Member
*
Offline Offline

Posts: 1516531716

View Profile Personal Message (Offline)

Ignore
1516531716
Reply with quote  #2

1516531716
Report to moderator
Lucius
Legendary
*
Offline Offline

Activity: 938


Fortis Fortuna Adiuvat


View Profile WWW
January 08, 2018, 01:46:29 PM
 #2

So as you can see from the notice above, ( https://bitcointalk.org/index.php?topic=2702103.0 )
Electrum is vulnerable, and has been for quite a while. Its just that they have discovered it now, and also that their first fix wasn't a fix either, that have upgraded it again.
I for one am not feeling much better after this upgrade either, because tomorrow maybe another one like this.

So is it time to move from electrum to another option?

What do you guys think?

You should always consider another option,there is many other wallets out there and they are free to use.But if you have some significant amount of BTC or any other altocins every desktop wallet can represent potential threat in any moment.Electrum is fix their vulnerablity in version 3.0.5 and it should be safe to use it now,but as you say they can discover some other vulnerablity next day or in few months/year.

Although this vulnerablity could have been full exploited only if user did not set decent password on wallet,and I think that most users of Electrum set password when they install wallet,so except reputations of Electrum there is no major damage to users.

Only thing which I can suggest is to seriously consider some hardware wallet,I use my Ledger Nano S in combination with Electrum BTC-It have nice&functional interface and your private keys are always safe inside device.

       ▀
   ▄▄▄   ▄▀
   ███ ▄▄▄▄  ██
       ████
    ▄  ▀▀▀▀
▄▄
      ██    ▀▀
██▄█▄▄▄████████
▄▄▄▄▄▄▄▄▀▀███▀▀▀
██████████████████
████▄▀▄▀▄▀███▀▀▀▀▀
████▄▀▄▀▄▀███ ▀
████▄▀▄▀▄▀████████
▀█████████████████
]
,CoinPayments,
█████
█████ ██
█████ ██
█████ ██
█████ ██
█████ ██
█████ ██
█████ ██
█████ ██
█████ ██
█████ ██
█████ ██
█████
█████
█████ ██
█████ ██
█████ ██
█████ ██
█████ ██
█████ ██
█████ ██
█████ ██
█████ ██
█████ ██
█████ ██
█████
█████
█████ ██
█████ ██
█████ ██
█████ ██
█████ ██
█████ ██
█████ ██
█████ ██
█████ ██
█████ ██
█████ ██
█████
bob123
Sr. Member
****
Offline Offline

Activity: 448



View Profile
January 08, 2018, 03:14:26 PM
 #3

..
Its just that they have discovered it now
..
So is it time to move from electrum to another option?

Just because there hasn't been found a vulnerability in a wallet with a lower userbase, it doesn't mean those are safer than electrum..
You can move to another wallet. But the question is what you expect from this wallet.
A desktop wallet shouldn't be used to store larger amounts of money anway. It may be easier to exploit this vulnerability.. but generally its easy enough to get malware spread around.
So you should never consider your desktop wallet as a safe place to store cryptos. Electrum has a ton of features. Besides core i would not know which has such a variety of functions.
Its up to you which wallet you prefer. Electrum in combination with the nano s is an extremely safe way (not vulnerable in this situation) of storing btc and having a ton of features.

theymos
Administrator
Legendary
*
Offline Offline

Activity: 2912


View Profile
January 08, 2018, 05:33:07 PM
 #4

Electrum is still one of my favorite wallets, but you have to understand its limitations:

 - Its privacy (and security, to some degree) is inherently bad due to its verification model.
 - It's written in an interpreted language, which makes me instantly suspicious of its security.
 - It has a very small team.

I'm OK with using Electrum for smallish amounts, with the assumption that all transactions/BTC in a single Electrum wallet can be trivially linked to each other.

IMO Electrum is still in the top two or three wallets. But although ThomasV is one of the best devs in Bitcoin, and some other wallet devs are also very good, this probably says more about how poor the wallet ecosystem is in general than how great Electrum is. Every wallet is seriously flawed in many ways.

1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
RGBKey
Hero Member
*****
Offline Offline

Activity: 616


Cypherpunk|Crypto Nerd|Provably Fair Verifier


View Profile WWW
January 08, 2018, 05:57:25 PM
 #5

Electrum is still one of my favorite wallets, but you have to understand its limitations:

 - Its privacy (and security, to some degree) is inherently bad due to its verification model.
 - It's written in an interpreted language, which makes me instantly suspicious of its security.
 - It has a very small team.

I'm OK with using Electrum for smallish amounts, with the assumption that all transactions/BTC in a single Electrum wallet can be trivially linked to each other.

IMO Electrum is still in the top two or three wallets. But although ThomasV is one of the best devs in Bitcoin, and some other wallet devs are also very good, this probably says more about how poor the wallet ecosystem is in general than how great Electrum is. Every wallet is seriously flawed in many ways.

Agreed. Just look at Meltdown, it has been a vulnerability in Intel chips for years, and was only now discovered. The two aren't completely analogous, but a mistake/vulnerability free environment isn't likely when you still have humans writing the code.

HCP
Hero Member
*****
Offline Offline

Activity: 490

<insert witty quote here>


View Profile
January 09, 2018, 12:03:30 AM
 #6

...because tomorrow maybe another one like this.
and who is to say that [insert any bitcoin wallet name here] wallet won't also discover a security vulnerability tomorrow? Roll Eyes


... and also that their first fix wasn't a fix either, that have upgraded it again.
Actually their "first fix" WAS a fix... it was just very blunt and simply disabled the unsecure functionality completely, until the devs had time to implement a "proper" fix. Hence why there were "two" upgrades.

What is really important to me in situations like this is the response of the devs... which, in my opinion, has been fantastic. Once the issue was identified as being serious, they IMMEDIATELY released a "fix" which helped to secure the wallet, which then gave them time to implement a "clean" fix that enabled them to keep the original JSON-RPC functionality, but secure it properly.

They also didn't try to hide anything... it would appear they tried their best to make it known that there was an issue and that people needed to upgrade. Full credit to ThomasV and the Electrum devs.


...this probably says more about how poor the wallet ecosystem is in general than how great Electrum is. Every wallet is seriously flawed in many ways.
#QFT Undecided

pooya87
Legendary
*
Offline Offline

Activity: 1162


Buy bitcoin they said... who listened?


View Profile
January 09, 2018, 05:36:32 AM
 #7

another option?

ingredients:
  • pen/pencil for writing: 1
  • paper to write on: as much as rquired
  • 16-sided hexadecimal dice: 1
  • an even ground to roll the dice 64 times: as big as possible!

congratulations you now own a private key. not to get your bitcoin address you need:
  • some tool to convert the hexadecimal result to a bitcoin address.
  • a DVD with live linux to run that tool

now you are only trusting ECDSA and hashes to be safe. Grin

hugeblack
Full Member
***
Offline Offline

Activity: 210


Signature Designer ^-^ https://goo.gl/34QBYf


View Profile
January 09, 2018, 11:10:59 AM
 #8

why all take Electrum vulnerability seriously (Real Hacking)

I quote this from Reddit @etmetm.

The common vector is javascript code on a malicious website scanning and connecting to the RPC interface for electrum running on localhost. More modern browsers do not allow https (website) to http (RPC) access to localhost, so the attacking website commonly has to be http only as well.

It can only steal funds if your wallet is passwordless, which is not usually the case. It's serious in that RPC can also be used to change settings in the electrum config.

Edit: CORS access https -> http should not work. POST requests from https to http seem to be possible indeed but they should be a lot slower. Brute forcing password will take time (especially on post requests) but good point for really short passwords. You'd need to keep open the attacker webpage for quite a while though.

Source : https://www.reddit.com/r/Bitcoin/comments/7ooack/critical_electrum_vulnerability/

jossiel
Hero Member
*****
Offline Offline

Activity: 686


Vacation rentals platform powered by CryptoDNA®


View Profile
January 10, 2018, 06:06:44 AM
 #9

I've noticed that news either that was discovered by theymos. If you are studying IT or you have been into an IT course, most of your professors or instructors will say that there's no perfect system.

But what happened to electrum is that you just need to upgrade the client as suggested to 3.0.5 even you recently upgrade to the last 3.0.4 (which is written above).

So is it time to move from electrum to another option?
It's your choice if you want to move. I still trust electrum, it's one of the best wallets that I've used.

       


████
████
████
████
████
████
████
████
████
████
████
████
████
████
████
              ▄▄▄▄▄▄
          ▄▄███████████▄████▄
       ▄████████████████ ▄▄ █
     ▄███████▀▀▀     ▀▀█ ▀▀ █
   ▄██████▀            ▀████▀          ██
  ▐█████▀                            █████
 ▐█████                             ███████
 █████          ▄███▄                ██████▄
▐████          ███████         ██     ██████
█████          ███████       █████    ██████
█████           ▀███▀      ███████    ██████
█████            ███         █████    ██████
▐████           █████          ██     ██████
 █████         ███████               ██████▀
 ▐█████                             ███████
  ▐█████▄                            █████
   ▀██████▄            ▄████▄          ██
     ▀███████▄▄▄     ▄▄█ ▄▄ █
       ▀████████████████ ▀▀ █
          ▀▀███████████▀████▀
               ▀▀▀▀▀▀





                ▄▄▄▄
        ▄▄▄▄████████
▄▄▄▄████████████████
████████████████████
████████████████████
████████████████████
██████████████▀  ▀██
██████████████    ██
██████████████▄  ▄██
████████████████████
████████████████████
████████████████████
████████████████████
████████████████████
████████████████▀▀▀▀
████████▀▀▀▀
▀▀▀▀
 
WHITE PAPER
HOME PAGE
THE ICO
       


████
████
████
████
████
████
████
████
████
████
████
████
████
████
████
mpufatzis
Full Member
***
Offline Offline

Activity: 168


View Profile
January 10, 2018, 10:13:34 AM
 #10

Electrum was vulnerable but not if you used an offline computer as cold wallet and another online (watch only) for the transactions.
I think you can still use it this way, it is the safest option. If you have many coins, buy a hardware wallet or for more safety use paper wallets. They are still usable.

P2PS TOKEN CREATING A WORLDWIDE NETWORK OF DIGITAL SERVICES
    BUY P2PS TOKEN!    SUBSCRIBE  P2PS WHITEPAPER  ] 
██ ██  (  FACEBOOK  )   (  TWITTER  )  (  INSTAGRAM  )  (  LINKEDIN  )  ██ ██
veleten
Legendary
*
Online Online

Activity: 1106



View Profile
January 12, 2018, 05:45:46 PM
 #11

there is an update available,should be safe from any vulnerability
there are not many lightweight,easy to use,user friendly wallets to migrate to
electrum can be used to store some funds for day to day transactions
I highly doubt hackers would be able to breach your system and even if they do,there will be not much for the taking anyways

.BITSLER.                 ▄███
               ▄████▀
             ▄████▀
           ▄████▀  ▄██▄
         ▄████▀    ▀████▄
       ▄████▀        ▀████▄
     ▄████▀            ▀████▄
   ▄████▀                ▀████▄
 ▄████▀ ▄████▄      ▄████▄ ▀████▄
█████   ██████      ██████   █████
 ▀████▄ ▀████▀      ▀████▀ ▄████▀
   ▀████▄                ▄████▀
     ▀████▄            ▄████▀
       ▀████▄        ▄████▀
         ▀████▄    ▄████▀
           ▀████▄▄████▀
             ▀██████▀
               ▀▀▀▀
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▄             
▄▄▄▄▀▀▀▀    ▄▄█▄▄ ▀▀▄         
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▄       
█  ▀▄▄  ▀█▀▀ ▄      ▀████   ▀▀▄   
█ █▄  ▀▄   ▀████       ▀▀ ▄██▄ ▀▀▄
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
█  ▀▀       ▀▄▄ ▀████      ▄▄▄▀▀▀  █
█            ▄ ▀▄    ▄▄▄▀▀▀   ▄▄  █
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
█ ▄▄   ███   ▀██  █           ▀▀  █ 
█ ███  ▀██       █        ▄▄      █ 
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀   
▀▄            █        ▀▀      █   
▀▀▄   ███▄  █   ▄▄          █   
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀     
▀▀▄   █   ▀▀▄▄▄▀▀▀         
▄▄▄▄▄▄▄▄▄▄▄█▄▄▀▀▀▀               
              ▄▄▄██████▄▄▄
          ▄▄████████████████▄▄
        ▄██████▀▀▀▀▀▀▀▀▀▀██████▄
▄     ▄█████▀             ▀█████▄
██▄▄ █████▀                ▀█████
 ████████            ▄██      █████
  ████████▄         ███▀       ████▄
  █████████▀▀     ▄███▀        █████
   █▀▀▀          █████         █████
     ▄▄▄         ████          █████
   █████          ▀▀           ████▀
    █████                     █████
     █████▄                 ▄█████
      ▀█████▄             ▄█████▀
        ▀██████▄▄▄▄▄▄▄▄▄▄██████▀
          ▀▀████████████████▀▀
              ▀▀▀██████▀▀▀
            ▄▄▄███████▄▄▄
         ▄█▀▀▀ ▄▄▄▄▄▄▄ ▀▀▀█▄
       █▀▀ ▄█████████████▄ ▀▀█
     █▀▀ ███████████████████ ▀▀█
    █▀ ███████████████████████ ▀█
   █▀ ███████████████▀▀ ███████ ▀█
 ▄█▀ ██████████████▀      ▀█████ ▀█▄
███ ███████████▀▀            ▀▀██ ███
███ ███████▀▀                     ███
███ ▀▀▀▀                          ███
▀██▄                             ▄██▀
  ▀█▄                            ▀▀
    █▄       █▄▄▄▄▄▄▄▄▄█
     █▄      ▀█████████▀
      ▀█▄      ▀▀▀▀▀▀▀
        ▀▀█▄▄  ▄▄▄
            ▀▀█████
[]
bitbunnny
Legendary
*
Offline Offline

Activity: 1218



View Profile
January 12, 2018, 07:54:28 PM
 #12

I beleive that every wallet have some kind of vulnerability. Those who are popular among many users, like Electrum, are more exposed and hackers are always trying to find the way how to breake the protection. But that doesn't mean that Electrum is bad wallet.
Because of potential vulnerabilities is clever to use multiple wallets of multiple types. You can't never be safe enough.

.BITSLER.                 ▄███
               ▄████▀
             ▄████▀
           ▄████▀  ▄██▄
         ▄████▀    ▀████▄
       ▄████▀        ▀████▄
     ▄████▀            ▀████▄
   ▄████▀                ▀████▄
 ▄████▀ ▄████▄      ▄████▄ ▀████▄
█████   ██████      ██████   █████
 ▀████▄ ▀████▀      ▀████▀ ▄████▀
   ▀████▄                ▄████▀
     ▀████▄            ▄████▀
       ▀████▄        ▄████▀
         ▀████▄    ▄████▀
           ▀████▄▄████▀
             ▀██████▀
               ▀▀▀▀
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▄            
▄▄▄▄▀▀▀▀    ▄▄█▄▄ ▀▀▄         
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▄      
█  ▀▄▄  ▀█▀▀ ▄      ▀████   ▀▀▄   
█ █▄  ▀▄   ▀████       ▀▀ ▄██▄ ▀▀▄
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
█  ▀▀       ▀▄▄ ▀████      ▄▄▄▀▀▀  █
█            ▄ ▀▄    ▄▄▄▀▀▀   ▄▄  █
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
█ ▄▄   ███   ▀██  █           ▀▀  █ 
█ ███  ▀██       █        ▄▄      █ 
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀  
▀▄            █        ▀▀      █  
▀▀▄   ███▄  █   ▄▄          █   
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀    
▀▀▄   █   ▀▀▄▄▄▀▀▀         
▄▄▄▄▄▄▄▄▄▄▄█▄▄▀▀▀▀              
              ▄▄▄██████▄▄▄
          ▄▄████████████████▄▄
        ▄██████▀▀▀▀▀▀▀▀▀▀██████▄
▄     ▄█████▀             ▀█████▄
██▄▄ █████▀                ▀█████
 ████████            ▄██      █████
  ████████▄         ███▀       ████▄
  █████████▀▀     ▄███▀        █████
   █▀▀▀          █████         █████
     ▄▄▄         ████          █████
   █████          ▀▀           ████▀
    █████                     █████
     █████▄                 ▄█████
      ▀█████▄             ▄█████▀
        ▀██████▄▄▄▄▄▄▄▄▄▄██████▀
          ▀▀████████████████▀▀
              ▀▀▀██████▀▀▀
            ▄▄▄███████▄▄▄
         ▄█▀▀▀ ▄▄▄▄▄▄▄ ▀▀▀█▄
       █▀▀ ▄█████████████▄ ▀▀█
     █▀▀ ███████████████████ ▀▀█
    █▀ ███████████████████████ ▀█
   █▀ ███████████████▀▀ ███████ ▀█
 ▄█▀ ██████████████▀      ▀█████ ▀█▄
███ ███████████▀▀            ▀▀██ ███
███ ███████▀▀                     ███
███ ▀▀▀▀                          ███
▀██▄                             ▄██▀
  ▀█▄                            ▀▀
    █▄       █▄▄▄▄▄▄▄▄▄█
     █▄      ▀█████████▀
      ▀█▄      ▀▀▀▀▀▀▀
        ▀▀█▄▄  ▄▄▄
            ▀▀█████
[]
Jepli
Newbie
*
Online Online

Activity: 28


View Profile
January 13, 2018, 03:50:06 PM
 #13

Everyone is entitled for an option to use any wallet. But Electrum is still safe and useful we don't need to worry on anything because even if you use other wallets, still there is risk to it if hackers would really want to hack such.
faatipoke
Full Member
***
Offline Offline

Activity: 153



View Profile
January 20, 2018, 05:03:58 PM
 #14

Why people still using Electrum for Bitcoin storage and transaction? I was using Electrum before because Bitcoin price was not high as now, so buying a hardware wallet was not worthy. I had some bitcoin but price of a hardware wallet was almost same as my bitcoin holding value.
But now things are changed and bitcoin price increased huge, Bitcoin owners made 20 times in one year, so I expect every Bitcoin owner has money to buy a hardware wallet and it really worth it
I can understand only if you are new to Bitcoin and do not have enough Bitcoin to store in a hardware wallet.

HCP
Hero Member
*****
Offline Offline

Activity: 490

<insert witty quote here>


View Profile
January 20, 2018, 09:17:01 PM
 #15

You realise that you can use Electrum WITH hardware wallets (Trezor and Ledger) right?

I prefer to use it this way, because I like the Electrum interface better than the "Ledger Wallet Bitcoin" and I feel that it gives me more flexibility with coin control and customised fees and "preview" which are not really available in the Ledger chrome app.

cryptorampage
Newbie
*
Online Online

Activity: 28

Be cool Be Moderate Keep Patience


View Profile WWW
January 20, 2018, 09:20:15 PM
 #16

Yes correct  . The vulnerability issue has been on the ticker in the last few weeks . I have not flocked in any problem still . But i think time to move on . For BTC i would rather choose blockchain . Whats will be the ultimate solution ? I still believe on electrum wallet.
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!