Bitcoin Forum
February 22, 2019, 11:51:45 PM *
News: Latest Bitcoin Core release: 0.17.1 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1] 2 »  All
  Print  
Author Topic: Electrum replacement needed.  (Read 288 times)
rokkyroad
Legendary
*
Offline Offline

Activity: 1090
Merit: 1000


View Profile
February 08, 2019, 12:00:06 AM
 #1

Can anyone recommend a light wallet for btc? Must have a linux version. Multibit was fine but its been abandoned. I have 0 trust in Electrum.

I do have Jaxx and Exodus for scraps but I don't trust these do it all wallets with btc.

" If you have to spam and shout to justify your existence then you are a shit coin."  TaunSew
1550879505
Hero Member
*
Offline Offline

Posts: 1550879505

View Profile Personal Message (Offline)

Ignore
1550879505
Reply with quote  #2

1550879505
Report to moderator
1550879505
Hero Member
*
Offline Offline

Posts: 1550879505

View Profile Personal Message (Offline)

Ignore
1550879505
Reply with quote  #2

1550879505
Report to moderator
In order to achieve higher forum ranks, you need both activity points and merit points.
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
TryNinja
Legendary
*
Online Online

Activity: 924
Merit: 1025


ChipMixer's Badge of Honor


View Profile
February 08, 2019, 12:03:25 AM
 #2

I have 0 trust in Electrum.
Why? Because of the recent phishing attack?

The Electrum wallet is probably the only SPV wallet I trust. Even with the recent vulnerability, which was “only” showing messages and never really risked anyones funds directly.

rokkyroad
Legendary
*
Offline Offline

Activity: 1090
Merit: 1000


View Profile
February 08, 2019, 12:15:50 AM
 #3

I have 0 trust in Electrum.
Why? Because of the recent phishing attack?

The Electrum wallet is probably the only SPV wallet I trust. Even with the recent vulnerability, which was “only” showing messages and never really risked anyones funds directly.

Are you serious? 200 + btc stolen and you downplay it. Come on.


" If you have to spam and shout to justify your existence then you are a shit coin."  TaunSew
TryNinja
Legendary
*
Online Online

Activity: 924
Merit: 1025


ChipMixer's Badge of Honor


View Profile
February 08, 2019, 12:19:14 AM
 #4

Why? Because of the recent phishing attack?

The Electrum wallet is probably the only SPV wallet I trust. Even with the recent vulnerability, which was “only” showing messages and never really risked anyones funds directly.

Are you serious? 200 + btc stolen and you downplay it. Come on.
Yes. I’m not “downplaying” anything. I’m saying that even with the vulnerability, Electrum is pretty safe. If those users didn’t download the fake wallet (or verified the signatures), they wouldn’t have lost anything.

AGAIN, I’m not saying it’s the users’ fault. I’m just saying thet while I consider this a major exploit from the point of making people easily trust the messages, it’s not a direct issue with the code. At the end of the day, Electrum is way far ahead than most other wallets.

theymos
Administrator
Legendary
*
Offline Offline

Activity: 3304
Merit: 4939


View Profile
February 08, 2019, 12:37:32 AM
Merited by NeuroticFish (1), BitMaxz (1)
 #5

Wasabi is probably the next best, though it's certainly missing a ton of features compared to Electrum. Nothing lightweight comes close to Electrum's features.

Wasabi recently passed bitcoin.org's strict criteria for being listed.

1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
BitMaxz
Legendary
*
Online Online

Activity: 1344
Merit: 1101

Bitmain miners is getting worst.


View Profile WWW
February 08, 2019, 12:40:11 AM
 #6

You can choose other wallets instead if you don't feel safe on using electrum there are some other options but I'm not sure if which wallet is the safest to use nowadays. You can check some other Linux wallet option from here https://bitcoin.org/en/wallets/desktop/linux/

One of the wallet that I know safe is a green address this is my own alternative wallet but I can not guarantee that this wallet is 100% safe. I haven't experienced any issue yet while you using it. It is good for a temporary wallet while the electrum still in phishing attacks.

rokkyroad
Legendary
*
Offline Offline

Activity: 1090
Merit: 1000


View Profile
February 08, 2019, 02:48:56 AM
 #7

Thanks for the suggestions. I'll check out wasabi and greenaddress.

" If you have to spam and shout to justify your existence then you are a shit coin."  TaunSew
pooya87
Legendary
*
Offline Offline

Activity: 1554
Merit: 1409



View Profile
February 08, 2019, 05:18:11 AM
 #8

using a different wallet is never going to solve your security concerns.
you and everyone else have to start following certain security concepts in order to remain safe. two of the most important ones are usage of cold storage and learning how to verify PGP signatures 1 and 2.
for example if you download wasabi wallet and still don't verify its signature with the valid PGP public key you are still not increasing your security!

Mister1k
Hero Member
*****
Offline Offline

Activity: 882
Merit: 520


Free crypto every day here: discord.gg/pXB9nuZ


View Profile
February 08, 2019, 11:56:04 AM
 #9

using a different wallet is never going to solve your security concerns.
you and everyone else have to start following certain security concepts in order to remain safe. two of the most important ones are usage of cold storage and learning how to verify PGP signatures 1 and 2.
for example if you download wasabi wallet and still don't verify its signature with the valid PGP public key you are still not increasing your security!

Last hack issue on electrum caused this kind of thinking on having electrum wallet. I see there is no issue on last updated one on electrum. That will be perfect to have since the issue has been solved already.

wasabi is recommended by our admin hence op take it serious and then still there is not security complaints on wasabi so it does not cause the harm to users so security is there.



      ▄████████████▄
    ▄████████████████▄
   ██████▀       ▀████▄       ▄▄                 ▄▄▄
  █████           █████    ▐████                ▐████
 ██████         ▄█████     ████▌                █████
 ██████         █████     ▐████  ▄▄▄           ▐████▌   ▄██▄
  ██████▄               ▄▄██████████           █████  ▄████▀
   ████████▄       ▄▄█████████████▀  ▄▄▄▄      ████▌▄████▀  ▄▄████▄
     ▀█████████▄   ███████████▀▀  ▄████████▄  ▐████████▀  ▄█████████
        ▀█████████▄ ▀▀▀ ▐████▌   █████▀ ████  ███████▀   █████▀ ▀███
      ▄▄▄   ▀███████▄   █████   █████  ▄███  ▐███████   █████  ▄███▀
   ▄██████     ▀█████  ▐████▌   ████   ████  ████████▄  ████████▀
  ██████▀       █████  █████  ▄█████ ▄█████▄██████████▄ ▀█████  ▄██▄
 █████▀        ▄█████  ▐██████████████████████████ ████▄ ▀█████████▀       ▄████▄  ▄████▄  ██▄██▄██▄
 █████       ▄▄█████▀   ▀▀███▀   ▀▀██▀  ▀██▀ ▀██▀   ████▄  ▀▀▀▀▀▀ ▄▄      ██▀     ██▀  ▀██ ██  ██  ██
 ██████▄▄▄████████▀                                  █████▄▄▄▄▄▄████ ▄██▄ ██▄     ██▄  ▄██ ██  ██  ██
  ▀█████████████▀                                     ▀▀█████████▀▀  ▀██▀  ▀████▀  ▀████▀  ██  ██  ██
    ▀▀█████▀▀


██
██
██
██
██
██
██
██
██
██
██

             ▄▄▄▄▀▀▀▀▄
     ▄▄▄▄▀▀▀▀        ▀▄▄▄▄
▄▀▀▀▀                 █   ▀▀▀▀▀▀▀▄▄
█   ▄▀▀▄              ▀▄          █
 █  █▀▀█    ██▄        █          █
 ▀▄        ▐████▄       █        █
  █        ███████▄     ▀▄       █
   █      ▐████████      █       █
   ▀▄      ▀██████▌       █     █
    █        ▀████        ▀▄    █
     █         ▀█▌   █▄▄█  █    █
     ▀▄              ▀▄▄▀   █  █
      █                 ▄▄▄▀▀  █
       █        ▄▄▄▄▀▀▀▀       █
       ▀▄▄▄▄▀▀▀▀   ▀▀▀▀▀▀▄▄▄▄▄▄▀


██
██
██
██
██
██
██
██
██
██
██



██
██
██
██
██
██
██
██
██
██
██


«
«
«

»
»
»
bob123
Hero Member
*****
Offline Offline

Activity: 826
Merit: 830



View Profile WWW
February 08, 2019, 05:38:39 PM
 #10

[...]
AGAIN, I’m not saying it’s the users’ fault.
[...]

Let's be honest.. it was the fault of every single user who fell for this phishing scam.

Nothing is wrong with electrum security-wise. Some malicious electrum server exploited a low-severity-vulnerability in electrum to show a (very unprofessional) message (that's all they could do).

Electrum has never notified user about an update this way.
Each user who fell for this and downloaded the faked wallet without verifying the signature is fully responsible for their own loss.


@OP:
You have 0 trust in electrum, but use jaxx and exodus?
Both of them have already been proven to be exploitable (multiple times) which can easily result in a loss of funds / private keys.

Yet, there only was one severe vulnerability in electrum (the RPC vuln) which also required to have no password set in order to be really exploitable regarding stealing funds / private keys.

rokkyroad
Legendary
*
Offline Offline

Activity: 1090
Merit: 1000


View Profile
February 08, 2019, 07:02:35 PM
 #11

Yes, I have a few "scraps" in Jaxx and Exodus. Losing those scraps would not be a hardship. For the record, I did not lose funds from the recent electrum exploit but I am pissed off it happened. It would have been a huge loss for me. So, ya, I dodged a bullet.

Blaming unsuspecting users is not fair. Not everyone is as savvy as you. It's ok to be smug when you're not the ones that got hit.

Why do I keep seeing fresh reports of lost coins if people are being warned via electrums wallet?

There seems to be a concerted effort to downplay the exploit when in fact it was serious shit.


" If you have to spam and shout to justify your existence then you are a shit coin."  TaunSew
ETFbitcoin
Legendary
*
Offline Offline

Activity: 1596
Merit: 1555

Use SegWit and enjoy lower fees.


View Profile WWW
February 08, 2019, 07:36:48 PM
 #12

Why do I keep seeing fresh reports of lost coins if people are being warned via electrums wallet?

Because Electrum is one of most popular light-weight/SPV wallet and people fell easily to social engineering attack (people believe "update" message from electrum server when they attempt to broadcast a transaction)

There seems to be a concerted effort to downplay the exploit when in fact it was serious shit.

Exploit which enable social engineering attack isn't that serious compared to another exploit which expose wallet's seed or private key IMO

HCP
Legendary
*
Offline Offline

Activity: 882
Merit: 1123

<insert witty quote here>


View Profile
February 08, 2019, 10:31:58 PM
 #13

There are still people falling for the "Dear sir, you have won $60million USD in Nigerian State Lottery" emails... there are still people falling for the "Hello, I am calling from Microsoft Security about virus on your computer" phone calls...

Try as hard as you can, you simply cannot protect people from themselves... Unfortunately, some are going to learn "the hard way"™ about security and personal responsibility when dealing with cryptocurrency Undecided

Was the recent exploit serious... yes... was it downplayed... No. There was even a "News" link at the top of all Bitcointalk pages by Theymos warning about it when it first happened. The exploit is now weeks old and it has been patched. If users are not updating and not staying up to date when dealing with their personal finances, you cannot blame the software developers for this.

I've said it multiple times... "Be your own bank" also implies "Be your own Bank's security department".

rokkyroad
Legendary
*
Offline Offline

Activity: 1090
Merit: 1000


View Profile
February 09, 2019, 12:03:56 AM
Last edit: February 09, 2019, 12:20:47 AM by rokkyroad
 #14

I'm pretty sure the majority of users do not check bitcointalk for wallet warnings. They tend to show up after they're hacked.

Assume the hacked ones downloaded electrum from the proper place and verified the download. I'm sure they never expected a message from the wallet to update, to be anything but above board.

Yes, I agree people should have disregarded the message and went to electrum.org to get and verify the new version. You can't fairly make this a comparison to Nigerian and Microsoft scams. It was unexpected and pretty damned slick.

Its all about trust. No one wants to entrust their bitcoins to dodgy software.




" If you have to spam and shout to justify your existence then you are a shit coin."  TaunSew
HCP
Legendary
*
Offline Offline

Activity: 882
Merit: 1123

<insert witty quote here>


View Profile
February 09, 2019, 04:02:20 AM
 #15

Its all about trust. No one wants to entrust their bitcoins to dodgy software.
Don't trust, verify!

Which is why, regardless of the fact that I always download Electrum from electrum.org... I will always verify the digital signature before installing and using it. I also always check the Electrum website on a semi-regular basis to look for updates.

In my opinion, Electrum isn't "dodgy"... and at the end of the day... the real blame lies at the feet of the scumbags executing these attacks.  Angry


pooya87
Legendary
*
Offline Offline

Activity: 1554
Merit: 1409



View Profile
February 09, 2019, 04:23:19 AM
 #16

using a different wallet is never going to solve your security concerns.
you and everyone else have to start following certain security concepts in order to remain safe. two of the most important ones are usage of cold storage and learning how to verify PGP signatures 1 and 2.
for example if you download wasabi wallet and still don't verify its signature with the valid PGP public key you are still not increasing your security!

Last hack issue on electrum caused this kind of thinking on having electrum wallet. I see there is no issue on last updated one on electrum. That will be perfect to have since the issue has been solved already.

wasabi is recommended by our admin hence op take it serious and then still there is not security complaints on wasabi so it does not cause the harm to users so security is there.

that is a dangerous way of thinking.
there are no 100% secure applications. there is always going to be some exploits in every code without an exception. it has been like this for as long as computer programming existed. thinking there is no more issues with Electrum or thinking there is no issues with other wallets is going to result in carelessness and losses.

Wind_FURY
Hero Member
*****
Offline Offline

Activity: 1008
Merit: 752


Crypto-Games.net: Multiple coins, multiple games


View Profile
February 09, 2019, 08:55:39 AM
 #17

For the newbies reading.

Use the Green Address wallet. It uses Segwit addresses that start with a "3" by default. You will not have any problems with compatibility when you're sending coins to a legacy address, unlike Electrum which uses the incompatible Bech32 address format as a default.

https://greenaddress.it/en/

With Green Address, there's no need to generate a BIP39 seed to use in Electrum, in generators like Ian Coleman's, https://iancoleman.io/bip39/


▄▄▄████████▄▄▄
▄██████████████████▄
▄██████████████████████▄
██████████████████████████
████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
████████████████████████████
██████████████████████████
▀██████████████████████▀
▀██████████████████▀
▀▀▀████████▀▀▀
   ███████
██████████
██████████
██████████
██████████
██████████
██████████
██████████
██████████
██████████
██████████
██████████
███████
BTC  ◉PLAY  ◉XMR  ◉DOGE  ◉BCH  ◉STRAT  ◉ETH  ◉GAS  ◉LTC  ◉DASH  ◉PPC
     ▄▄██████████████▄▄
  ▄██████████████████████▄        █████
▄██████████████████████████▄      █████
████ ▄▄▄▄▄ ▄▄▄▄▄▄ ▄▄▄▄▄ ████     ▄██▀
████ █████ ██████ █████ ████    ▄██▀
████ █████ ██████ █████ ████    ██▀
████ █████ ██████ █████ ████    ██
████ ▀▀▀▀▀ ▀▀▀▀▀▀ ▀▀▀▀▀ ████ ▄██████▄
████████████████████████████ ████████
███████▀            ▀███████ ▀██████▀
█████▀                ▀█████
▀██████████████████████████▀
  ▀▀████████████████████▀▀ 
✔️DICE           
✔️BLACKJACK
✔️PLINKO
✔️VIDEO POKER
✔️ROULETTE     
✔️LOTTO
bob123
Hero Member
*****
Offline Offline

Activity: 826
Merit: 830



View Profile WWW
February 10, 2019, 08:45:07 AM
 #18

Its all about trust. No one wants to entrust their bitcoins to dodgy software.
Don't trust, verify!

Which is why, regardless of the fact that I always download Electrum from electrum.org... I will always verify the digital signature before installing and using it. I also always check the Electrum website on a semi-regular basis to look for updates.

In my opinion, Electrum isn't "dodgy"... and at the end of the day... the real blame lies at the feet of the scumbags executing these attacks.  Angry



verify what if he doesnt trust the developer?


Simple.. The source code.

Electrum is completely open source.

And if you don't trust the developer, simply check the whole code at github.
You only need to verify the source code once, then after each update you will simply be looking at the commits only to make sure no backdoor whatsoever has been built in.

You can even build it yourself from source if you don't want to download a prebuilt binary.

bob123
Hero Member
*****
Offline Offline

Activity: 826
Merit: 830



View Profile WWW
February 10, 2019, 02:21:20 PM
 #19

he doesnt trust developer.

Yes, thats why i have suggested to check the source code.

You can always trust the source code.



Prebuilt binary and source code do the same things (show everything from servers to users, not show security alerts).

Of course they do the same thing. But you are SURE that the program is doing what it is supposed to do.
You are eliminating the risk of the source code and the binary being actually 2 different programs (e.g. prebuilt binary including backdoor).

There is a good reason to "not show security alerts". This offers way too much room for exploitation and would create new potential attack vectors.


Each user IS and SHOULD responsible for his/her own security.
If you are depending on others to tell you when it is safe or not safe to use a software, you are doing something wrong.



So if he wants to build from source code he has to fix source code first but he is not a developer. Solution? "Electrum replacement needed"

There is nothing which needs to be fixed currently.

Also he didn't mention anywhere that he is not a developer, even tho its pretty probable, it's just what you are assuming.


I don't understand the big crying about this "vulnerability". All it allowed was to show a message from the electrum server.
That's nothing security-related at all.

This wouldn't even get a CVSS score of 3 of 10 (i calculated it myself). That's definitely just low severity.

TryNinja
Legendary
*
Online Online

Activity: 924
Merit: 1025


ChipMixer's Badge of Honor


View Profile
February 10, 2019, 03:50:34 PM
 #20

-snip-
Who cares about what Microsoft does? Their whole main product is a spyware (Windows). Stop using the “Microsft does” card all the time. We are presenting you FACTS. No expert is going to deny that PGP signatures are WAY safer than hash files verifications. Period.

Pages: [1] 2 »  All
  Print  
 
Jump to:  

Bitcointalk.org is not available or authorized for sale. Do not believe any fake listings.
Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!