Do and Don't for Electrum Wallet

[Artemis3]

It wasn't hacked, someone made a fake page and people were foolish to download the trojan from there... And there was also an incident of server spamming links, you could perfectly ignore. "Click here to download the new version", classical bait...

[o_e_l_e_o]

Yea of course it will vary from person to person, but most people definitely have access to hardware wallets — they just don't want to put in the effort because software wallets are simply better UX.

Play stupid games, win stupid prizes.

It is trivial to set up most hardware wallets to work via Electrum's GUI, so the only additional hurdle for you to access your coins is plugging in your hardware wallet and entering its PIN/passcode/etc. This is such a trivial step for the extra security that a hardware wallet brings you, that it really is just plain stupid to own a hardware wallet but not use it, especially when talking about other people's money.

It wasn't hacked, someone made a fake page and people were foolish to download the trojan from there.

Exactly this. The only "flaw" in Electrum was it allowed servers to display arbitrary text to clients which connected to them. It was entirely the fault of the users who followed random links shown to them, downloaded malicious software, did not verify it like they should have, and then installed and used it, all without ever performing basic common sense checks. Electrum was no more at fault here than a web browser would be if you used that web browser to visit a phishing site.

[Tony116]

On the other hand, I always download the latest version of Electrum to use and so far I haven't had any problems with either the old or new versions of Electrum. I have also read about his unfortunate incident, what the real cause is only he knows best, but I dare say it was his fault and not Electrum's. Electrum is arguably the most popular hot wallet in use to date, just because of a few cases of attacks we assume it's the wallet's fault. That is not correct, all attacks are largely due to user behavior.

It's really a big deal when something like this happens, and it's always an individual issue so we do not know if there is a general problem and what not. I have to say Binance is more secure than most of these, and people do not see it. I understand the logic behind it, you just do not trust someone else holding your money, I get it.

But, how many people lost their money on Binance, and how many did it when it was on their wallet? There are a lot more people who fail to do proper security on electrum and get "hacked" whereas Binance will keep your money safe, and with 2fa it is near impossible to get hacked as well which shows how great it is.

I cannot say that you are absolutely right about storing your coins on centralized exchanges like Binance. In my opinion, everything has its pros and cons, nothing is 100% perfect. So far, Binance is safe and there have not been any cases of asset hacks like the case of julerz12 has encountered but I've also seen a few cases where users were unexpectedly locked out of their accounts by Binance. Binance still handles those cases and users almost always get their accounts back, but it took us a long time. If we store it on a non-custodial wallet, we have full control of the assets but face the risks that julerz12 has taken. Risks are everywhere.

[o_e_l_e_o]

So far, Binance is safe and there have not been any cases of asset hacks like the case of julerz12 has encountered but I've also seen a few cases where users were unexpectedly locked out of their accounts by Binance.

Binance have suffered multiple hacks in the past. They were hacked in 2019 for $40 million worth of bitcoin. They were hacked in 2022 for $570 million worth of various altcoins and tokens. They were hacked in 2019 for the KYC data of thousands of users. Binance is not safe.

Binance still handles those cases and users almost always get their accounts back, but it took us a long time.

"Almost always", which means that some users just lose everything and there is nothing they can do about it.

Keeping your coins on any centralized exchange means they are not yours and you could lose them all at any time. It doesn't matter if the exchange in question is Binance. It is not safe.

[virasog]

So far, Binance is safe and there have not been any cases of asset hacks like the case of julerz12 has encountered but I've also seen a few cases where users were unexpectedly locked out of their accounts by Binance.

Binance have suffered multiple hacks in the past. They were hacked in 2019 for $40 million worth of bitcoin. They were hacked in 2022 for $570 million worth of various altcoins and tokens. They were hacked in 2019 for the KYC data of thousands of users. Binance is not safe.

Binance still handles those cases and users almost always get their accounts back, but it took us a long time.

"Almost always", which means that some users just lose everything and there is nothing they can do about it.

Keeping your coins on any centralized exchange means they are not yours and you could lose them all at any time. It doesn't matter if the exchange in question is Binance. It is not safe.

This is extremely wrong that people start to think that they can't keep the money safe in personalized wallets, so they started to make up mind that binance is safe.

Binance is not safe because of two reasons;

1) They can anytime scam or deny your withdrawals and you cannot do nothing
2) They can be hacked and again you will not get back your funds.

But people think that binance is safer as there is password and 2fa and all these securities while personalized wallets have only private keys and nothing else. I would call it lack of knowledge on the part of users and we need to educate people that decentralized wallets are safer than centralized wallets and exchanges,

[EarnOnVictor]

Electrum is a good Bitcoin wallet and I've seen many people say well of it, yet nothing is to be trusted 100%, but if the fault is not from the wallet itself, then you should absorb any blame as your fault if your coin is stolen.

Carelessness in most cases is the reason why money is stone, we should never trust anyone and even our gadget if we want to safeguard anything that is related to the internet.

All the possible security features must be activated on the wallet for proper security with a potent password combination of upper and lower case letters, numbers and others. And nothing must be stored on the computer, phone, and other gadgets. If possible on the 2FA, the gadget that would receive the combination must be offline or has nothing in common with the gadget from which you operate the wallet.

[o_e_l_e_o]

Binance is not safe because of two reasons;

1) They can anytime scam or deny your withdrawals and you cannot do nothing
2) They can be hacked and again you will not get back your funds.

Plenty more reasons you can add to that list, looking at all the reasons that other exchanges have collapsed over the last few months. They can be insolvent because they were gambling your money away or handing out incredibly risky under- or non-collateralized loans. Another exchange or bank which they use can shut down, be insolvent, deny them service, etc., and they can end up insolvent because of that. Your government could stop them operating in your jurisdiction, freezing your account and meaning you can no longer access your coins. You can end up a piece of malware on your device which steals your account details or session and empties your accounts. The list is endless.

If possible on the 2FA, the gadget that would receive the combination must be offline or has nothing in common with the gadget from which you operate the wallet.

This is the bare minimum for good 2FA. Having your 2FA authentication using the same device which you use to log in to the account in the first place means compromise of that one device will compromise both of your factors.

[Artemis3]

Of course, an exchange is like a bank, its not your money anymore. Pray they don't run with it...

[Jason Brendon]

electrum wallet is the industry standard for software wallets. If it wasn't reliable, it wouldn't have been there for almost 9 years.

[Kakmakr]

I don't got why like a huge majority of bitcoin/crypto holders wouldn't just buy a Ledger/Trezor. If they just use a reputable hardware wallet and just keep the backup offline, that's pretty secure enough for long-term holding. But nooo, most people wouldn't want to pay a measly <$100 for security.

Well, it might be because most people are not from first world countries ... where the currency is say 20 times stronger than what it is in 3rd world countries. You might think $100 is nothing .... but that is a months salary for many people that are working in 3rd world countries.

Also, not everyone are 100% computer literate..... they might struggle with things like firmware upgrades for these wallets. (Believe me.. I am 200% computer literate and the Ledger Nano firmware upgrade was a pain in the ass) 

[carlfebz2]

If you read this post, I've been hacked (Electrum 4.3.2), you will find that person lost his funds because he did not protect his wallet properly.

I would like people to tell and discuss that after installing Electrum wallet on the computer, what additional steps they should take so that there are minimal chances of their funds being hacked by the intruders and hackers.

Ive been using Electrum for 4-5 years as far as i remember and i didnt make myself being hacked.

1. Install AV
2. Make your windows updated
3. Dont click up on pop up updates (have issues before)
4. Dont download randomly on your PC
5. Put up password that you are the only ones who do have access on your own pc
6. Dont save up PK's on notepads or other text file

Its impossible that there would really be some internal exploit on Electrum itself because it  would really be a big main issue
if its proven.

[Oneandpure]

Of course, an exchange is like a bank, its not your money anymore. Pray they don't run with it...

Dilemma when saving Bitcoin fund in cold wallet have chance with firmware and something bad happen in our computer, but what did you say is true when holding Bitcoin in exchange is like in the bank and need pray every time for the exchange owner not run away our Bitcoin fund.

Use third party like Bank or exchange we don't have private key for controlling our Bitcoin fund, some thing bad will happen however trusted with exchange used for holding Bitcoin, enough with FTX collapse and  many exchange before become valid proof about can't fully trusted with exchange market as place for saving or holding cryptocurrency assets, if ability like cash money and save it under pillow I will save my Bitcoin or altcoin assets the same like cash money  .

[mendace]

To minimize the chances of your funds being hacked when using an Electrum wallet, there are several steps you should take:

Use a strong and unique password for your wallet.

Enable two-factor authentication (2FA) for added security.

Keep your computer and software updated to ensure that you have the latest security patches and fixes.

Do not share your seed phrase or private keys with anyone.

Do not use public Wi-Fi or untrusted networks to access your wallet.

Use a hardware wallet to store your private keys offline and away from potential attackers.

Use a cold storage option to store a large amount of cryptocurrency.

Be cautious of phishing scams and do not click on links from unknown sources.

Regularly backup your wallet and keep the backup in a secure and accessible place.

Be aware of the latest security threats and be vigilant when using your wallet online.

[_BlackStar]

Ive been using Electrum for 4-5 years as far as i remember and i didnt make myself being hacked.

1. Install AV
2. Make your windows updated
3. Dont click up on pop up updates (have issues before)
4. Dont download randomly on your PC
5. Put up password that you are the only ones who do have access on your own pc
6. Dont save up PK's on notepads or other text file

Its impossible that there would really be some internal exploit on Electrum itself because it  would really be a big main issue
if its proven.

The tips you shared may be of some use and that is how person should use his device. But we are all different, and this allows some Electrum users to make mistakes that end up self harm and them financially. I've also been using electrum since I got to know bitcoin, I'm grateful it's still safe but really I don't store anything on my PC or smartphone that I use everyday.

Having special device or hardware wallet is more secure, but of course it comes at some cost. For security reasons, the costs may be worth it with the reduced level of risk. But it's all about how a user realizes and how they get used to minimizing risks.

[countryfree]

I've been using Electrum for many years, and I give you some advices to make your computer more secure.

1/ Don't install an Electrum icon, nor a shortcut with another icon on your desktop. The software should be hidden.

2/ Create your own directory to install the software, and give it an innocent name, not Electrum, nor anything related to crypto.

It's not much, but if someone steals my computer (that happened to me a while ago), the thief will need time to find anything related to crypto on it.

[Lanatsa]

I've been using Electrum for many years, and I give you some advices to make your computer more secure.

1/ Don't install an Electrum icon, nor a shortcut with another icon on your desktop. The software should be hidden.

2/ Create your own directory to install the software, and give it an innocent name, not Electrum, nor anything related to crypto.

It's not much, but if someone steals my computer (that happened to me a while ago), the thief will need time to find anything related to crypto on it.

Is there a way that the thief would able to access that electrum wallet in case he had stolen your CPU and trying out to access it? We do know that it does have some password
unless if you do put it up obviously on whats your password then all of those coins in that wallet would be swept.Its still hard to bruteforce it out if you dont have that
electrum wallet password which its been mainly asked on the time that you would be accessing the program or wallet.So its still impossible
in this case.

[o_e_l_e_o]

It's not much, but if someone steals my computer (that happened to me a while ago), the thief will need time to find anything related to crypto on it.

A thief who knows what he is looking for is highly unlikely to just start manually opening random directories in your OS's file explorer to hunt for a wallet. Rather they will just perform an automated search for wallet files, or the Electrum software, or strings which appear in Electrum wallets files, or so on, which will find your wallets almost immediately.

Hiding files like this is false sense of security - security through obscurity, which is a bad idea. A much better idea is to add a strong password to all your wallet files which will encrypt them and keep them safe from attackers. If you want to hide the fact you even have Electrum installed altogether, then either use whole disk encryption or run Electrum directly from a removable USB drive or on a live OS.

[Emitdama]

I agree with others, something that has been hacked before would never give me trust ever again, it would not be possible at all for me to trust it and use it. Just remember the fact that there were tens of millions of dollars that went away from peoples wallets because of this, and there is no reason we should trust them again.

This is why I believe that we should be focusing a lot more towards finding something that has never been hacked or never had any bugs etc etc before, which would make it a safe thing or at least we know that it has been safe up to that point, and yeah it could still get hacked in the future but why risk it with something that has already done that before?

[S A KHAIR]

I agree with others, something that has been hacked before would never give me trust ever again, it would not be possible at all for me to trust it and use it. Just remember the fact that there were tens of millions of dollars that went away from peoples wallets because of this, and there is no reason we should trust them again.

This is why I believe that we should be focusing a lot more towards finding something that has never been hacked or never had any bugs etc etc before, which would make it a safe thing or at least we know that it has been safe up to that point, and yeah it could still get hacked in the future but why risk it with something that has already done that before?

If it is not reliable then it has not been used and has been around for more than 10 years. Every product in the release period will have bugs at times, but that doesn't mean it can't be fixed in the future. The question is, why do so many people use it with no problem, but you have issues with it? Its the fault of your wallet or yours?

[thebitcoinrebbe]

The easiest way to use electrum offline is to make two tails OS usbs. One should be offline and the other online. You should preferably have a dedicated offline computer, but if you don't, just run the offline tails os in airplane mode.

For the online wallet, use another tails os to put your xpub. You will pass the psbts with qr codes or burned cds. not usbs.