Transferring BTC from Electrum That Has Not Been Updated?

[Abdussamad]

so to use electrum i have to trust other softwares?

Yes starting with your BIOS and OS. You also have to trust your hardware manufacturer.

[Lucius]

so to use electrum i have to trust other softwares?

Exactly, only way to be 100% sure that you download correct file is to verify that file, and for that you need some tool/software. But you have possibility to check that software integrity in the way that it is described in post by pooya87.

You do not need to install Electrum first to verify it, it is actually the opposite procedure - you need to verify Electrum files which you download before installation, because otherwise the whole procedure does not make sense.

Electrum is easy to use light desktop wallet, but as you can see it is not 100% safe, especially for inexperienced users. Does this mean that you should stop using Electrum? It all depends on you and how much you really care about your coins, and accordingly to that you can take steps to increase security of coin storage. Hardware wallets are a logical choice, for 60-70$ you can get much better security then with most desktop wallets.

[fronti]

Hardware wallets are a logical choice, for 60-70$ you can get much better security then with most desktop wallets.

but you need to trust the hardware wallet vendors.
Also if you use a hardware wallet there are still phishing possibilities.
For example change a shown btc address on a website

Security is never easy!

[Lucius]

fronti, it is true that we need to trust to companies like Trezor or Ledger, but so far they have proved to have a good product for keeping our private keys safe. Phishing and hardware wallets, hm? Where you get that theory?

Private keys never leave hardware wallet, and you can use Electrum as UI, or Ledger Live for Nano S - phishing is dangerous for online wallet/exchanges. For clipboard malware which can change your address Ledger is implemented checking of sending address/receiving address, so if you enough careful there is no way that malware can trick you.

Nothing is not 100% safe, but I always look for the best possible option.

[jackg]

fronti, it is true that we need to trust to companies like Trezor or Ledger, but so far they have proved to have a good product for keeping our private keys safe. Phishing and hardware wallets, hm? Where you get that theory?

Hardware alone isnt great... Unless you pick it up from ledger hq or trezor hq there is always a risk you don't have a genuine device. Multisig with other devices (even another online one is preferable). The chances of a mail carrier hijacking are low in developed countries but high on less developed ones and not all post comes in as good a condition as it was promised. Some parcels that come through customs have suspicious appearances sometimes that makes them look like they've been opened.

A hardware wallet is greatly beneficial in a lot of cases but shouldn't wholly be relied upon.

[Artemis3]

Hey all.  So just to confirm.  Would it just be fine right now if i open electrum 3.0.5 as is and then try to send the remaining btc i have in my wallet to somewhere else?  But if i get that message, then i close it.  Then i close electrum.  Then go to the official electrum site and download electrum? 

Right now i just want to get any btc i have in electrum out of it and do not want to use it until later on when there is very little concerns on it.

Also the message that does pop up if it gives you that message, is it a link where if you click on it, it automatically downloads it?  So if you click on it by accident, could you still immediately cancel the download or once you click on that link, that is it?  Or do you have to download it fully and also go through the installation process?

You will be fine sending from the old version. If you connect to a fake server, when you try send the funds you get a scary message telling you to upgrade, go to electrumfakeserver yadda. Just ignore it; change the server to a legit one and try again.

In a legit server, you also get another scary message telling you to upgrade because your Electrum is "vulnerable" but the broadcast was successful (sigh). Ignore that too, you are done.

[jerry0]

Is there a picture that someone took of how the message looks like?  I saw another thread where someone showed a picture of it but it only shows like an okay to click on and no X on the top corner?


Also because i still have not claimed my btc cash and gold yet... would you say its probably better idea to claim those first... and then send the rest of the btc from my electrum to hardware wallet?  I ask this because if you do download that software, wouldn't that mean any btc cash or gold that you have and didn't claim, a hacker could claim that as well?  Also does anyone know if those ppl who downloaded the fake electrum from that message, did it infect their entire computer such as if they use a password program like lastpass or keepass, it infected that as well so all your password and accounts from a password manager is now infected?  Or its only the electrum? 

[jackg]

First result from Google was this one.


There's an x a help and an OK.

[jerry0]

Thanks.  So if you click okay, is that the same as clicking the x?  Thus only way to download it is by clicking on that link right?

[TryNinja]

Thanks.  So if you click okay, is that the same as clicking the x?  Thus only way to download it is by clicking on that link right?

Yes. You would need to click the link, download the file and run it to risk your coins.

Electrum only sees that as a error message and there is no way the hacker can pass “actions”, like opening a link, downloading a file or running a command in your wallet/PC.