Electrum servers banned me after i generated 1 Million Adress on electrum

[new19980]

so i was trying to generate 1.000.000 adresss and send btc to the adress number 1.000.001
as secondary protection i mean if a hacker get my seed and entred it on electrum he will find balance 0
because electrum only show 20 adresses and even if he has some experience and increased the gap he is likely
gonna increase it to 100 or 1000 max he will not expect that my btc is on the adress 1 million+
and if he try  increasing the gap too much his pc will freeze before he get the btc 
The issue is that i think electrum servers banned my IP during a test of just 10000 Gap

[Chibit01]

They consider you as spamming the server ( I don’t know if that language is right) but the only reason why you are not allowed to generate more address is because you have not conducted any single transaction in all of the 1m already generated even as you have plans to move all coins to the 1m+ address you can try to fund 1 or some part of the address first then empty it before continuing with your more wallet generation.

[promise444c5]

Hardware isn’t the problem , unless they don’t decide to check further or give up early..

If your problem is an hacker getting your seed then you’re not doing the right thing , why not focus on keeping your seed safe  instead ?  If you had chosen cold then  I’m very sure you would be worried about other parts like losing your  seed to accidents, natural disasters wrench attack….  instead of an hacker.

Besides, trying to spend by reimporting  the seed will always need you to do same  unless you backup the prv key instead.  

[The Cryptovator]

so i was trying to generate 1.000.000 adresss and send btc to the adress number 1.000.001
as secondary protection i mean if a hacker get my seed and entred it on electrum he will find balance 0
because electrum only show 20 adresses and even if he has some experience and increased the gap he is likely
gonna increase it to 100 or 1000 max he will not expect that my btc is on the adress 1 million+
and if he try  increasing the gap too much his pc will freeze before he get the btc  
The issue is that i think electrum servers banned my IP during a test of just 10000 Gap

Interesting, do you think hackers are more backdated than you? If you can't prevent compromising your seed, then likely your methods won't work. Because hackers are smarter than us, they use the latest and updated technologies to drain our wallets within seconds. So if they could gain your seed, then your funds won't be secured in your wallet. If you can access your funds, then why can't smart hackers access them if they have your seed phrase? They could scan your wallet easily.

For a while I haven't been using Electrum. But I can remember, when trying to generate a BNB address on the Ledger, they don't even allow you to create a new one unless you used the previous wallet. Now I don't know if the things changed; I am talking back almost two years. Electrum has some gap limits by default; there are a lot of things that work behind generating addresses. Just ask ChatGPT and you would get a clear answer.

The problem is not address generation itself. Generating 1 million addresses offline is possible.
The problem is:
scanning blockchain history
querying Electrum servers
synchronization time
RAM/CPU/network load

That’s why your IP probably got rate-limited around 10k gap scanning.

If you really wanted huge gaps, you would need:
your own Electrum server
or your own Bitcoin node

Public servers are not designed for massive wallet-gap scans.

[Charles-Tim]

How are you able to do that? I do not believe you did this.

I remember a time that I was experimenting to know how fast 50000 addresses can be generated which took me almost 2 hours on iancoleman tool. I imported the seed phrase on Electrum, but Electrum app began to get stuck and not working anytime I opened it. It was very frustrating for me until an update later fix it after some months as I wanted to delete the specific wallet, but I was unable to. I said to myself that time, that I will not try to do such a thing again on Electrum.

So this makes me find it difficult to believe you that you used Electrum to generate 1 million addresses.

[new19980]

You’re ignorant on this mate, once you used that 1,000,001 and used; that is recieve funds on it, it immediately lists under the list of used address. Once a scammer actually imports your seed phrase on its wallet and synchronize it, the balance will show and in the sending option the UTXO will be there available for sending.

Gap limits is maximum number of unused address you can generate not the used one

You are ignoring the computational and network cost. It is technically impossible and practically absurd for a wallet to scan 1,000,000 addresses by default just to see if they are 'used.'

Each address check requires a request-response from the server. Scanning a million addresses would:
Crash the client (RAM/CPU exhaustion).
Get the IP banned from the Electrum server for DDoS-like behavior.
Take hours just to open a single wallet.

That is exactly why the Gap Limit exists. It tells the software: 'Stop searching after 20 empty spots because checking more is a waste of resources.' If I hide my funds at index 1,000,000, no standard wallet will ever find them because no developer would program a wallet to be that inefficient."

How are you able to do that? I do not believe you did this.

I remember a time that I was experimenting to know how fast 50000 addresses can be generated which took me almost 2 hours on iancoleman tool. I imported the seed phrase on Electrum, but Electrum app began to get stuck and not working anytime I opened it. It was very frustrating for me until an update later fix it after some months as I wanted to delete the specific wallet, but I was unable to. I said to myself that time, that I will not try to do such a thing again on Electrum.

So this makes me find it difficult to believe you that you used Electrum to generate 1 million addresses.

I did not succesfully generated 1 million adresses instead i manually increased the gap limit in Electrum to 1000000
than electrum start freezing and the server blocked my ip. Im just trying to reach the point that using a big number
 like address 1.214.656 will make it almost impossible for the hacker to find your BTC.

And if you send small amount to address number 1 like 0.0005 BTC and have 10 BTC on address 1.214.656
the hacker will drain your first address only thinking that's all what you have and in the moment when you receive
 a notification about outgoing transaction you just need to extract the private  key of your address and move your coins.

By using the private key and a manual high-fee transaction, I bypass the wallet's sync issues and ensure my transaction hits the next block before the hacker even realizes there's a gap to scan.

[Zaguru12]

That is exactly why the Gap Limit exists. It tells the software: 'Stop searching after 20 empty spots because checking more is a waste of resources.' If I hide my funds at index 1,000,000, no standard wallet will ever find them because no developer would program a wallet to be that inefficient."

I perfectly get it now, electrum actually generates this addresses in a sequential order that means the wallet will automatically have generate the first 1 million first before recovering the 1,000,001 address or shows the balance. This will definitely trick the hacker because it will be hard to guess such a used address existing at that limit

[Charles-Tim]

I did not succesfully generated 1 million adresses instead i manually increased the gap limit in Electrum to 1000000
than electrum start freezing and the server blocked my ip. Im just trying to reach the point that using a big number
 like address 1.214.656 will make it almost impossible for the hacker to find your BTC.

Why not just create a wallet that its seed phrase is extended with a passphrase? This is better than something that will give you work to do in the future. 1 million addresses can not easily be generated on a computer. It may take almost 2 days. If you setup a wallet with passphrase, it will be difficult to compromise. Just do not store the passphrase together with the seed phrase.  Backup the seed phrase and the passphrase in different locations.

It is not even about IP ban alone, you will be frustrated on Electrum if you want to generate such number of addresses. The app will later not be working properly in a way you will not be able to use it.

[new19980]

I perfectly get it now, electrum actually generates this addresses in a sequential order that means the wallet will automatically have generate the first 1 million first before recovering the 1,000,001 address or shows the balance. This will definitely trick the hacker because it will be hard to guess such a used address existing at that limit

Exactly. Because it’s a sequential process, the gap acts as a physical barrier in a world of code.
Most hackers rely on automated scripts that follow the path of least resistance. By the time their script hits a 20 or 50-address gap, it flags the wallet as Empty/Cleared and moves on. They aren't going to waste hours or risk IP bans to find a needle in a haystack they don't even know exists.

Of course, this is just an extra layer of security (Defense in Depth). It is by no means a substitute for the absolute necessity of protecting your Seed and Passphrase. The goal is to gain a tactical advantage and buy time in a worst-case scenario where the Seed is compromised not to neglect the fundamentals of cold storage.

[promise444c5]

~

I perfectly get it now, electrum actually generates this addresses in a sequential order that means the wallet will automatically have generate the first 1 million first before recovering the 1,000,001 address or shows the balance. This will definitely trick the hacker because it will be hard to guess such a used address existing at that limit

Most wallets do this and not just Electrum…

Checking for any available UTXOs or previous txns is usually a blockchain scan of each derived address in order through the nodes or servers the client is connected to.

So technically, when you have a gap limit of 20, it checks addresses in order and stops after 20 consecutive unused addresses.. Part of the reason you see “sync” on Electrum is because it is checking deriv.addresses for txns history from servers.

~

They aren't going to waste hours or risk IP bans to find a needle in a haystack they don't even know exists..

If you’re worth it and you’re not just a random target, they will. Ban is only from third party servers…

[new19980]

Why not just create a wallet that its seed phrase is extended with a passphrase? This is better than something that will give you work to do in the future. 1 million addresses can not easily be generated on a computer. It may take almost 2 days. If you setup a wallet with passphrase, it will be difficult to compromise. Just do not store the passphrase together with the seed phrase.  Backup the seed phrase and the passphrase in different locations.

It is not even about IP ban alone, you will be frustrated on Electrum if you want to generate such number of addresses. The app will later not be working properly in a way you will not be able to use it.

You are 100% correct about the Passphrase it is a fundamental security practice, and I use it. However, you are looking at this as an Alternative, while I see it as a Tactical Decoy.
The moment that 0.0005 BTC moves, i get a notification. This is my Silent Alarm. Without this decoy i might not know
my seed was compromised until it’s too late.

I agree that Electrum will freeze if I try to sync 1 million addresses. That’s why I don’t sync them! instead i simply import the specific Private Key of address #1,214,656, bypasses all sync issues, and doesn't require generating a million addresses.

Summary: The Passphrase is my "Vault Door" but the Gap/Decoy is my "Hidden Compartment" and "Alarm System" combined. One protects the access, the other manages the aftermath of a breach.

If you’re worth it and you’re not just a random target, they will. Ban is only from third party servers…

My primary goal isn't to stop a nation-state actor, it's to filter out 99% of common hackers and automated scripts that only scan the default gap. Most breaches are carried out by bots that follow the path of least resistance, and this strategy renders their tools useless. Even against a professional, the decoy acts as an Early Warning System, the moment they touch the bait, i am notified and can sweep the private key in seconds while they are still trying to figure out why the wallet looks empty. Security is ultimately about making the attack too expensive and time-consuming, and by the time a pro realizes there is a gap to scan, I have already won the race and moved my coins to a new seed.
At the end 1 million is just an example you probably would be fine with just 5000-10000
so you simply need to ask electrum to extract address number 5324 for example and when time come ask it to extract private key of adress 5324 instead of syncing 5k addresses and crashing your device.

[BitMaxz]

Generating 1 million addresses or increasing the gap to 1 million will cause Electrum to crash and servers to believe you are attempting a DDoS attack, which is why your IP address is banned. Once you generate new addresses, Electrum will check each address to the server individually to check the status and balances of these addresses.
Individual users are limited on Electrum servers. I'm not sure how many requests are allowed per server, but I've heard that 1,000 attempts are allowed; anything more than that may result in your IP being marked as a DDoS attack by any server.

If you want to get the 1 million address without crashing, I think you need to increase your PC RAM memory and then run it offline to avoid syncing to servers.
Or directly export the private key in the console using this command getprivatekeyforpath()
Sample command:

Code:

getprivatekeyforpath("m/0/0")

That is the first address generated from the wallet.

Hope this one will work, and you can switch to another server if you are just banned from a single Electrum server. Just click the circle at the bottom right and choose server you want.

Another sample just in case:

Code:

getprivatekeyforpath("m/0/999999")

At least you skip the crashing issue from Electrum and then use that private key and import it to a cold storage wallet.

[Charles-Tim]

If you want to get the 1 million address without crashing, I think you need to increase your PC RAM memory and then run it offline to avoid syncing to servers.

It is better he uses that command if that is what he wants to achieve. The freeze is not about synching, it will also freeze if his Electrum wallet is offline.

Hope this one will work, and you can switch to another server if you are just banned from a single Electrum server. Just click the circle at the bottom right and choose server you want.

From what he later explained, no server that banned his IP. It was what that happened to me that he is also referring to. I was not online when I experimented the 50000 addresses, but the same thing happened.

[nc50lc]

because electrum only show 20 adresses and even if he has some experience and increased the gap he is likely
gonna increase it to 100 or 1000 max he will not expect that my btc is on the adress 1 million+

Interesting take, but it will also fall into a trap that when you forgotten about that set-up (e.g.: head trauma/disease), you'll never find a reference
on how to properly restore your bitcoins. (at least keep a note alongside with your backup)

But if you really want that, I think it's possible with wallets that utilize descriptor with "range" arg.

For example: in Bitcoin Core, you can specify the range of which keys to generate when importing a descriptor.
And here's an RPC command to test (in RegTest):

Code:

importdescriptors '[{"desc":"wpkh(tprv8ZgxMBicQKsPdEMqjkyQ8b1Cth8PFGM5PPUyJ74AbfZp56zBrxhqrdDDk2pGtj7JPUkNMkCEUFbLQxrLZ7Q78tuAziqqA49vNpFDLPMZ8dw/84h/1h/0h/0/*)#6qajq2u7","internal": false,"timestamp": "now","active": true,"range":[1000000,1000999]}]'

Range is at 1000000~1000999.

When imported to a blank wallet, it'll generate address starting from index "1000000" instead of '0'.
Screenshot of the first address in the receive tab:


Screenshot of the address' derivation path, derived from the master private key:


You can't do this in Electrum though.

[bitbollo]

I have tried something similar on my first experience with Multibit.
The wallet crashed miserably after few hundreds and in general keep track of any potential update become impossible.
Definitely was another era but as reported by nc50lc this is a way to keep the btc out also from your pocket...
I would also consider that its a very unsafe way for key generation, even because the speed factor could be reduced dramatically with a proper setup that made these searches or as a specific setup = someone find your seed and instructions on how you manage it...

[LoyceV]

You are ignoring the computational and network cost. It is technically impossible and practically absurd for a wallet to scan 1,000,000 addresses by default just to see if they are 'used.'

Each address check requires a request-response from the server. Scanning a million addresses would:
Crash the client (RAM/CPU exhaustion).
Get the IP banned from the Electrum server for DDoS-like behavior.
Take hours just to open a single wallet.

Checking the balance of millions of addresses takes only seconds:

How to use
The most likely use is to check a long list of Bitcoin addresses for a remaining balance.
On Linux, use this to find matching addresses (after extrating the compressed .gz file of course):

Code:

export LC_ALL=C # to use the same sorting I use
comm -12 Bitcoin_addresses_LATEST.txt <(cat mylist.txt | sort | uniq)

• Bitcoin_addresses_LATEST.txt: the extracted latest version downloaded from addresses.loyce.club.
• mylist.txt: your own list of addresses, one address per line.

This takes only seconds to check millions of addresses.

I did not succesfully generated 1 million adresses instead i manually increased the gap limit in Electrum to 1000000 than electrum start freezing and the server blocked my ip.

Install your own Electrum server, so you can unfreeze your IP. But you'll find out Electrum wasn't designed for this, and gets exponentially slower when checking that many addresses. Don't forget it has to check all of them again for each new block that's created!

Im just trying to reach the point that using a big number like address 1.214.656 will make it almost impossible for the hacker to find your BTC.

Chances are you'll forget how to recover your coins (10 years from now), but if you really want this, use Ian Coleman's BIP39 Mnemonic Code:

Code:

m/44'/0'/0'/0/19	1Q14kYxRyzBenhnDMmGDxSZZSUwhq2jkBq	03e9057c9600dac861941ca2a761de0ef521154d6958d90fa465beb2dac15cbb19	KzcmDUC58w6i6abd7s91gnTaiL2YihCnFyE3f4cjh87qAn1oiBr5
m/44'/0'/0'/0/20	1E3X63MvAF95qoVDnPVHoqHciTT1emvAY2	0332a16ad7817c477a5946517a324409f839a5f29163d27a439e67d2755decc5ca	KzCEGXBqGftfzPyQMKy3GPErM7WT7XviRPfJxYRC7tzhmeD9Kxkw
m/44'/0'/0'/0/21	17jFgaxcts7GRWp21RqQoHSnmwG4F2afws	02a5f71555a1eb410f7e55221ef32687ca0136371d888d92fddfdd5f04cf4b29aa	L3ywozVocSeMk1FvtfMcjDvj256fxdYEcykDFCLydsArZWJ73Hut
m/44'/0'/0'/0/22	1LS7RfvF5tpGCFfxfgxD2XrH8nqkcihHkF	02e5e57d4cf41de25f95ef61762480223b6adcd46e378b7630634ce55db125088b	Ky4n2Nx1zeoqpHXQwkbLR5QEXzeMNuhwtqpkFXsvuQVA6h6oF7iz
m/44'/0'/0'/0/23	18iCy1BXwDhpCiar2ozqKTiJq8ZVJh1Hj3	02285fba2b6c373ffac4d126b4d57764bf5b44bfd4090b09d79505f9c8a6d1c0ba	L4Q9xpCFaMggK3TTRXuwaeDzmSPL9fTJqctdWE2YcbiX1JUH583u
m/44'/0'/0'/0/24	1KrP9LjMrFqDLci4QhgThzrDHgQYKK1xqH	0267d55bceee85c4363a50a8b1c01cac1f5060b4313f5c0d39ed23aff2417538b8	KwSWuxdNeNjTa8XkGw3cNj7ScupXkYLrqup7exRYcjGSP26MabEu
m/44'/0'/0'/0/1000001	16WjZAJKhbuq14HQJMcYVGY1ACJA1pHcEc	03015d13587d000224e5ec6c28e6eac61ad17f50abc4c2d8c4255e23ab2c5bc920	L46tc1VudBkXVJD7N6ZEJg8Y9qvNDT3bUbXFuFHWSxHGTUwtZ8KL
m/44'/0'/0'/0/1000002	1NEbzyqA8BiZdmaNHhiLQSjtxQ3Ekxfyeq	029e7a920bc8fe7c863eabdf2fc430337ef7e3b33da3ca31959d0d86dd4b39c72b	KxALZvp5nLiM8pgZ6ZkqWn8rkryb2CuNV86nh3furrU5iemVVxhX
m/44'/0'/0'/0/1000003	17c6rJvdwBHRgVvvr1A8oNWjkajKEKDcdb	03931089b98c21abbb911d9beb884bc8276f80c3650f25f4e7e85103c2a5dbbd3e	KwMTB7eppvZvPnXAmbKj8dUdbUssZnAtsamdHSoTtTffFY4Sr5Ci
m/44'/0'/0'/0/1000004	1BVPw3zs8woz84nHdbdrmUSBxWy3tRbMvr	02939f13beebde3425fe177d53115557a43158286f6ab2f9b087dd6aa35f52e450	L5bLAwrmvGKUywRBHEfCw6EzvPZNUrGAtqFvBH1Eofo27pqJFPTi
m/44'/0'/0'/0/1000005	1AQikFDRyQKWxrSGLsiGY5rdGuWujw7UGb	02273f0574c632bd219a1e54aa2b8579f9788035b59be191ecc80308def93e8677	KxnQcrGw7hvTzs4CW3oCGgamn8Wmt6pnEnuR9Rp4uJgqvVndj3fy
m/44'/0'/0'/0/1000006	14cfueLYDBPdUktpDXynPfFn8mieAroAJZ	02c995d7b02e3eae46084ae9288f64696c56d25ed779a4d1e1a5f5894e74821a80	L4XCs92Gnv3Rsx1VdErrW79TSKji66qcmNwrVFXr5EFuuiw4Efta

Just set "starting from index" to a large number (and don't forget that number!).
Warning: Never enter your seed phrase on any website! Do this offline, on an airgapped system running from RAM (Live Linux DVD).

The moment that 0.0005 BTC moves, i get a notification. This is my Silent Alarm. Without this decoy i might not know
my seed was compromised until it’s too late.

This makes sense. But you could accomplish the same by creating a passphrase wallet on the same seed phrase. As long as you're aware of the risks: go for it

From what he later explained, no server that banned his IP. It was what that happened to me that he is also referring to. I was not online when I experimented the 50000 addresses, but the same thing happened.

If you want to try with used addresses: see here