What are /r/Electrum's favorite Products & Services?

From 3.5 billion Reddit comments

Electrum is still the best wallet for most (including new) users - the current DDoS attack against servers does not change that. What you need to know now is:

• Have you downloaded the newest Electrum (3.3.4) only from <em>electrum.org</em>? You cannot use versions less than 3.3 now on the public network. This newest version will not show the phishing screen that has tricked users of old wallets into downloading BTC-stealing malware look-alike wallets.
• Have you securely stored your seed words off your computer in a safe place? Anyone with these words can recreate your wallet (and spend your BTC)

You may have some trouble (or may not) syncing to a server - new ones are being added daily and the devs are working tirelessly behind the scenes to make both the wallet and network secure and available. The blacklist just helps keep you from connecting to a malicious server (and keeping them off the network) - it is invisible to you as a user. As long as you can get a green (or blue) light in the lower right corner you are good to go.

Be aware that there is a lot of BTC transactions right now and fees are higher because of it. Setting the fee slider in the middle notch should help ensure your transaction clears in about an hour.

Don't let the current DDoS attack sour you on BTC.

https://electrum.org is the official site. Beware anything else claiming otherwise.

You can check the signature of the downloaded file but if you have installed or run it then it is too late. The moment you run anything from a questionable source your system is potentially compromised. It can insert itself into any system components and requires a OS reinstall to be safe.

To check signature follow this:

https://www.reddit.com/r/Bitcoin/comments/3gygtk/electrum_verifying_the_downloads_authenticity/cu2sb48/

If you are on Linux I can help but on the other OSes I would be stumbling around.

You will need persistence enabled or have to download each time you boot up. Either way works but the first is less hassle. I'll just give a new step-by-step here:

1. Use Tor browser and be sure to visit correct https://electrum.org. Click downloads and scroll down to choose Linux version archive tar.gz file. Save it to your "Tor Browser" file (only choice really).

2. Open file manager and go to Tor BRowser folder. Open Electrum archive with archive manager (right click) and extract to your "Persistent" folder (if persistence enabled), or just to local folder if no persistence (in which case you have to repeat every new session).

3. You should have a folder named "Electrum-3.0.1" with a bunch of files in it. You can click on the folder and run the electrum program. With persistence enabled for Electrum it will find your "home" default wallet as normal. Without that enabled you will need to use File Open to select your wallet file wherever it may be.

4. If you have trouble running the program from file manager then open a Terminal (main menu, favourites) and cd Persistent/Electrum-3.0.1 and then run with python electrum command.

5, Do not use the main desktop menu to run Electrum as that will run the old version. The menu cannot be easily changed in Tails without much mucking around. You can create a desktop icon for the new version but that's also a bit of hassle. For that you need "dotfiles" persistence enabled. If you want to do that then just ask and I'll give steps again.

Yes, just as long as you have not imported any extra private keys:

https://electrum.org/tutorials.html#switching-to-electrum

>You could import the private keys from your old client, but you will have to keep a backup of those keys separately as they won't become part of your Electrum seed.

You will be able to recover all of your money with just the seed words, however, if you want to recover your labels and history, you need to separately export those items, or back them up together with "File -> Save Copy"

Before you commit to this, you should do a test with your systems and a small amount of bitcoin, just to make sure that you have the correct procedure.

" To users: when you broadcast a transaction, servers can tell you about errors with the transaction. In Electrum versions before 3.3.3, this error is arbitrary text, and what's worse, it is HTML/rich text (as that is the Qt default). So the server you are connected to can try to trick you by telling you to install malware (disguised as an update). You should update Electrum from the official website so that servers can no longer do this to you. If you see these messages/popups, just make sure you don't follow them and that you don't install what they tell you to install. The messages are just messages, they cannot hurt you by themselves."
Alright I'm guessing I was scammed just gonna keep this post up as a warning to others only download from Electrum.org nice...

> Electrum binaries are often flagged by various anti-virus software. There is nothing we can do about it, so please stop reporting that to us. Anti-virus software uses heuristics in order to determine if a program is malware, and that often results in false positives. If you trust the developers of the project, you can verify the GPG signature of Electrum binaries, and safely ignore any anti-virus warnings. If you do not trust the developers of the project, you should build the binaries yourself, or run the software from source. Finally, if you are really concerned about malware, you should not use an operating system that relies on anti-virus software.

- <em>Electrum Homepage</em>

As always... read the documentation and verify downloads with GPG

It's always good to think about back-up plans, although I wouldn't worry so much about not being able to access your Electrum wallet in the future. Electrum is an open source project, it's on github (you can fork it to save a copy), so the worst that could happen is that development of the application stalls. It'll still be there, accessible, runnable as a program. If you're really concerned about this possibility, you could download the latest tar.gz file and its signature and save those files somewhere like in your nextcloud/dropbox/gdrive, etc. If you're going to store your private key somewhere, encrypt it!

> 2FA

Your using a 2FA r/Electrum wallet which means you have to pay the 2FA tax as well as fund the TXN and pay the miners. You can't do all three with your balance. Either reduce the amount you send, or pay a lower txn fee rate, or import your key to a non-2FA wallet to bypass the 2FA tax.

I love the 2FA feature, but don't let anyone tell you its free.

As always... read the manuals for these mysteries to be explained: https://electrum.org/#documentation

If your wallet is legitimate (and sounds like it is if you downloaded only from electrum.org) then one of two things happened:

1. Your seed words (or private keys) were compromised at one point. Never share these with anyone - whomever has your seeds (or keys) has access to your BTC.
2. Your computer at large was compromised, not Electrum. Malware on your computer, remote admin software, keyloggers, or old-fashioned physical access (leaving it unlocked and available to others).

Try the "Run without installing" method under "Installation from Python sources" on the download page. You can then create a shortcut to run_electrum on your desktop for easy access.

From my understanding, once you get your 10 BTC at address #gobbledygook123 out of the Electrum wallet A and into address #gobbledygook475 in wallet B, address #gobbledygook123 at wallet A reads 0 balance. On the BCC blockchain address #gobbledygook123 is still in the same state it was at the time of the fork - 10 coins, only those coin are now BCC and worth what BCC is trading for. You access that address #gobbledygook123 with the same private keys that controlled them at the time of the fork, which are still sitting in your Electrum wallet A. If you go by the highly-caveated route outlined by the Electrum people and import your private keys into an Electron Cash wallet (not Electrum Cash as you mentioned) on a DIFFERENT machine than wallet B, it will show you have 10 BCC. Why a different machine is because, if I understood right, Electron Cash is badass and tries to take over ALL Electrum wallets it can find by scanning your directories. How it will do that without giving it the seed or private keys for wallet B, I don't know, but I'm not curious to find out by trying! If Ledger Nano is your wallet B, I would think you can install Electron Cash on the same Electrum machine once all the BTC are confirmed in the Ledger Nano in a different address with different private keys (exactly as if you paid a third party). All that said, I am not sure if there are other ways of capturing BCC without using the Electron Cash route. Now that the dust has settled, I'm hoping Voegtlin of Electrum will suggest another way than dealing with anonymous Mr Fyookball and everyone risk having their fyookcash being eaten. HTH and if I goofed somewhere please shout!

You don't need to do anything if you don't want to split the coins. As long as you still have your seed you can always get the cash coin later, no problem.

Electrum officially only supports BTC, but there is a fork of it called Electron Cash (https://electroncash.org/) that can be used with BCH... It is pretty messy right now, maybe there will be a better way to do this later. Here is also a write up from the Electrum Developer about this: https://electrum.org/bcc2.txt

Electrum's advice on how to claim your BCC (posted at https://electrum.org/bcc2.txt):

1. Install Electron Cash on a machine that does not have your Electrum wallets.

2. Wait until the BCC hard fork has taken place, and a few BCC blocks have been mined.

3. Move all your Electrum funds to a new Electrum wallet. This will move only your BTC, and not your BCC, because the BCC blockchain has replay protection. Wait until the transaction is confirmed.

4. Enter the seed of your (now empty) old wallet or private keys in Electron Cash. Since the BTC have been moved to a new wallet, entering your old seed in Electron Cash will not put your BTC funds at risk.

Following these 4 easy steps you will be able to access your BCC without compromising your BTC

You can check Electrum's statement about BCC here, in case you didn't already. And even though it sounds counter intuitive to import an old key with 0BTC on a new BCC wallet, that seems to be no problem "because BCC has replay protection." Whatever that means.

If you view your electrum wallet file in a text editor you should see the xprv for your wallet. Restore your wallet using that in bitwallet. Give it the same derivation path and wallet type (segwit p2sh) as before.

Run electrum and use file > save copy to save a copy of your wallet file where you can find it. An example snippet of what you're looking for is given below:

http://termbin.com/1r62

I don't think that you should worry about this.

Your premise starts of with somebody hacking elliptical curve encryption and then they get a copy of your wallet. Seems unlikely.

If you are actually worried about this, Use Tails, and keep your wallet file in the encrypted persistent partition.

https://tails.boum.org/

Tails now ships with Electrum installed.

Do yourself a favor and take the old hard drive out and throw it in the garbage. No matter what you use (hard drive, SSD, flash drive), you should have a backup of it. With Electrum, you can write down your seed words and keep them in a safe place as one form of backup.

Don't use Windows. It is the current winner of the most used (non-embedded) OS, so most viruses, malware, other exploits are written for it.

You may want to look into using Tails with a persistent partition for your bootable flash drive.

I think 7 characters is too short. I've heard it advised to make it at least 37 chars but I wasn't told how that number was chosen.

Your 7 char passphrase is easy to remember but too short for security. Do this then - hash it! Search online how to do a SHA-256 hash on your laptop's terminal. Here's an app when you want to do the same hash on your phone - https://play.google.com/store/apps/details?id=com.hobbyone.HashDroid

By using the hash value of your easy-to-remember passphrase, you will have a very long, repeatable alpha-numeric passphrase created. You decide if you want to use 37 chars from its output, or 25, or 50, or other.

I always download the latest from Electrum.org and verify the binary against the checksum and the signature.

Tails OS may not always have the latest and there was a time couple of years ago now, that an insecure remained in Tails for many months as there was no upgrade to the OS.

> Any idea what happened?

Yes... you forgot to verify your download using GPG. It's a common phish to impersonate the electrum.org name. DNS technology can be pretty weak, and unless you dot your eyes and cross your tees, it is easy to get redirected.

Sorry for your loss.

no need to worry. The important message here is gpg: Good signature from "Thomas Voegtlin (https://electrum.org) [email protected]"

the warning is because you haven't explicitly trusted ThomasV signature with your own certificate. I don't really use the verification with command line, so I'm not sure how to explain how to do it. But in a GUI version, you'd click on thomas's certificate and look for a option to trust it.

Bingo, that seems to work, thank you! Should I be worried about the warning?

gpg --verify electrum-4.0.9-x86_64.AppImage.asc electrum-4.0.9-x86_64.AppImage

gpg: Signature made Fri 18 Dec 2020 01:07:20 PM CST gpg: using RSA key 6694D8DE7BE8EE5631BED9502BD5824B7F9470E6 gpg: Good signature from "Thomas Voegtlin (https://electrum.org) <>" [unknown] gpg: aka "ThomasV <>" [unknown] gpg: aka "Thomas Voegtlin <>" [unknown] gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: 6694 D8DE 7BE8 EE56 31BE D950 2BD5 824B 7F94 70E6

In the background window in the background of your image. The same windows imaged that displays "Replace by Fee: True"

Check out the documentation (both manuals) to learn about fees and how to adjust them.

https://electrum.org/#documentation

Are you talking about the 12 seed words or a passphrase you enter after the seeds? after correctly entering your 12 seed words, the checksum should have a check mark if theyre correct, then you can go to the next screen to enter a passphrase if you have one set up. If not, the wallet should restore if the 12 words are correct. How did you update? did you download directly from electrum.org? did you verify the ThomasV signature?

Tails is an operating system (like Windows) based on Linux. The easiest way to get going is visit https://tails.boum.org/ and follow the steps for creating a bootable USB stick. Click the Install link on right side. You'll want to do some reading about what Tor and Tails are.

Once you have that usb stick you can boot your computer on it and it will automatically connect via Tor and ensure all traffic is anonymous and data is transient (not saved to disk). Tails comes with Electrum installed already so you only need to use the menu (like Start menu in Windows) to run Electrum.

Once you have Electrum running you will want to create a new wallet with menu File, New/Restore and follow the steps for "Standard" wallet. You must be sure to write down the seed words safely. With Tails in default configuration it will not save your wallet file and you will need to enter the seed words when you boot again and run Electrum in future.

You can have Tails save to disk but for privacy by default Tor make sure no data is written to disk between sessions. If you aren't worried about your usb stick being found and searched then you can enable "persistence" for saving. The warnings and steps are in the Tails docs.

If you need specific private help just PM me.

The official site of Electrum is Electrum.org.

The three apps for Windows are Standalone, Portable, and Installer.

&gt; the standard first one would not download as it kept saying virus detected and wouldn't leave me override it, so I managed to download the second option and it downloaded as the third option seemed like not the right one.. so when I went to run the second linkefor windows it essentially came up the same fatal error to run

The Windows anti-virus'es ( many of them) will flag even normal executables as viruses.

The surest way to figure out that an application is genuine ( and not a virus ) is to check its gpg key ( mentioned in electrum.org/downloads). But its technically hard to do it.

So what you can do is, just override the rejection by your anti-virus. Try to see in the anti-virus settings, or in the warning message, how you can ignore that error ( its possible to ignore such errors).

Yikes!!

It's in the manual. You really need to ensure you read the instructions on most anything Bitcoin.

Update: re-linked windows instructions. But seriously... please read the docs

CC: u/HowDoISignIn

You lost relatively less. Consider it a lesson in security. Its not really that less if you are a student, and it can be a lot to someone, but considering the lesson it has given you about security, its not that high imo.

Now try to use secure wallets. And NEVER ever trust any site that's not totally foolproof. You should not even trust electrum.org, or bitcoin.org for anything other than reading material, because even their dns can be hacked or redirected for your machine.

My best advice is to learn to use Tails on USB stick. But that comes after you stop trusting sites and random applications.
(You must not install any random applications on your machine, is another rule of security)

Download the latest version from https://electrum.org/#download and run that.

&#x200B;

It is possible you have an older version of electrum which has a bug where it displays errors from servers as official looking popups. That is likely what you are seeing.

You should write down your Electrum seed words and then upgrade Tails instead.

The newest version of Tails has the latest version of Electrum already installed:

https://tails.boum.org/download/index.en.html

https://electrum.org/#download

I also want to point out that the one time I got a valid signature, I right clicked “downloads” and opened it in a new window from the Electrum home page. I don’t know that means anything.

I know. I’m not trying to be an ass or anything. I am just getting annoyed. And because I don’t have an incredibly strong background with anything other than the simply right click, decrypt, verify etc that is in Tails and Importing the public key (from Electrum.org, github, I’ve tried many of the signatures I have found) with Kleopatra on Windows. Other than that, I’m kind of at a loss and getting frustrated because I’m going through these manuals and guides and trying to jam all of this education into my head.

I’m frustrated mostly because Ive always used the easy methods and I don’t know another way. I’m goin through the manual but it’s hard on your own with no help.

Is there a command in particular I should be using? Like I said I have tried both Windows and Tails. Should I always use command lines instead of the cheat tools?

>Electrum binaries are often flagged by various anti-virus software. There is nothing we can do about it, so please stop reporting that to us.

https://electrum.org/#download (near the bottom)

Beware any in-app message saying to upgrade. ONLY upgrade from the official site. Older versions are likely to connect to bad servers and they can trick you into upgrading from the wrong site.

I had an issue this latest update also. Follow the instructions and then add the --upgrade option when you install;

sudo apt-get install --upgrade python3-setuptools python3-pip python3 -m pip install --user Electrum-3.3.4.tar.gz[fast]

Make sure you're on electrum.org. Worked for me.

Sorry for your loss.

It is important that you do not share your private key. Install Electum on your computer and use the import feature, you will be asked for an old wallet once you open the app.

What makes you think it's an Electum wallet?

Since you were so helpful. I've also sent BCH to an address in my Electrum wallet before realizing I would need Electron Cash to store that... I've read about exporting the private key and it should work, but I also read this..

https://electrum.org/bcc2.txt

Saying to keep the wallets on separate devices.. Is this still relevant or was this just through the fork?

Upgrading will not move any BTC. They remain on the same address as now. It's simply the software which changes and the latest software will work better on the network and allow access to your BTC as they exist. Remember, your BTC are sitting on the blockchain, not in your wallet. Your wallet contains the keys that allow signing a transaction moving the BTC. Upgrading gives you new tools for doing that but can't move BTC without you (assuming you don't download fake/malicious malware). Just be sure you upgrade with valid software from https://electrum.org and that you verify the software with the signatures. There is some tutorials around here I (and others) have posted in the past.

More info would be useful: What version? What OS? Did you download from official web site https://electrum.org - What type of installer or archive did you start with? Also, need more detailed description of what actual steps you took so far.

If you have a bug or development issue then you should post an issue on github as most devs read them. But be forewarned if it's a user support issue it'll be closed as it's not for that. The community page lists places for support. Many devs read bitcointalk.org and some here as well.

No you're fine. The BCH is still there in your empty electrum BTC wallet. Make sure you have emptied out the BTC in the wallet. Then export the privkey and import the privkey into your preferred Bitcoin Cash wallet. You should see the bitcoin cash in the wallet. If you are unsure you still have any bitcoin cash just paste your public address here in this bitcoin cash block explorer and check: https://blockchair.com/bitcoin-cash/blocks

Close electrum and re-open it. Sometimes a network error will cause connections to stop working.

Are you using the latest version of electrum? Check https://electrum.org/#download and update if needed. Very old versions have trouble connecting.

From https://play.google.com/store/apps/details?id=org.electrum.electrum&amp;hl=en

Current Version
3.3.2.0

Requires Android
5.0 and up

Kit Kat is 4.4

&#x200B;

did you install this one? https://play.google.com/store/apps/details?id=org.electrum.electrum

on google play, you can see all applications that you have ever installed. so even if you removed it, check your history and confirm if is that one. you have to verify the id.

Legacy addresses represent a significant part of The Bitcoin system, more than 80% of mined coins are stored in legacy addresses, even Satoshi's 1,100,000 BTC. My recent withdrawal from Binance also came from a legacy address, which apparently Binance uses A LOT:

https://blockchair.com/bitcoin/address/1NDyJtNTjmwk5xPNhjgAMu4HDHigtobu1s

They shouldn't disappear as an option in the best mobile wallet overnight, just like that - gone. Should have been kept as an option and let us choose whether to use them or not.

>I kept the in Electrum 4.0.9 MacOS Big Sur, I downloaded the wallet from electrum.org.
I bought the BTC from ShitCoin.club ATM in 2020 using the ATM's generate paper wallet feature. I imported the wallets in my Electrum and no where else. I checked my wallet about 1 o month since then.

https://www.reddit.com/r/Electrum/comments/gqyyls/comment/frvmwcq/?utm_source=reddit&amp;utm_medium=web2x&amp;context=3

also another update is mentioned under notes for windows users here:

https://electrum.org/#download

Thanks for your fast reply! How do I import the key? Is the one I downloaded from Ubuntu's servers also valid?

I am concerned as I can not find anywhere on trusted websited the Sombersnight fingerprint: 0EED CFD5 CAFB 4590 6734 9B23 CA9E EEC4 3DF9 11DC

It is not pointed out in the documentation as the ThomasV's signature. I can see it being present on old pages in electrum.org, but when I try to access them, even using the Google Cached option, it is gone.

And the other sites I found it cited are hacking sites (like winning from the lottery), a site trying to redirect me to a porn site, etc.. and this makes me very suspicious.

Thank you very much for this comment. This allowed Kleopatra to go through the operation but it said that the data could not be verified which seems odd however since this my first attempt in running signature verify I was curious to know what your thoughts were on the output below:

gpg: Signature made 6/17/2021 8:57:16 AM Eastern Daylight Time

gpg: using RSA key 6694D8DE7BE8EE5631BED9502BD5824B7F9470E6

gpg: Good signature from "Thomas Voegtlin (https://electrum.org) <>" [unknown]

gpg: aka "ThomasV <>" [unknown]

gpg: aka "Thomas Voegtlin <>" [unknown]

gpg: WARNING: This key is not certified with a trusted signature!

gpg: There is no indication that the signature belongs to the owner.

Primary key fingerprint: 6694 D8DE 7BE8 EE56 31BE D950 2BD5 824B 7F94 70E6

>What do you mean 'verify the download'?

https://electrum.org/#download read the part titled "How to verify GPG signatures". Normally you don't have to but I tend to be a bit paranoid.

I went directly to Electrum.org to download it. Don't know how to check the signatures. I'm on Windows 10. I even went back and downloaded the exe file again and still got same result

The public key that you imported is for the file published on electrum.org. The Github folder is for files signed by other developers, as indicated on the download page: "Linux and Windows builds are reproducible, and signed by several developers. See the list here"

I have the version of electrum (build 18 december 2020, version 4.0.9) installed on my mac the 24 december. I have installed from electrum.org the version they give to us now, so also the 4.0.9

I have made a comparison between files and contents of files, on mac :

diff -r /Applications/Electrum.app/Contents /Applications/Electrum_old.app/Contents

The two are the same. I check the PGP of the version i've downloaded right now and the PGP signature is good. It seems my version installed the 24 December is the good version.

I don't know but you can use the command line to do it.

save ThomasV's public key and import it using the command

gpg --import pathTo\nameOfFile

download the executable file and the corresponding signature

then do

gpg --verify nameOfFile.asc nameOfFile

it should say

Good signature from "Thomas Voegtlin (https://electrum.org) <> Primary key fingerprint: 6694 D8DE 7BE8 EE56 31BE D950 2BD5 824B 7F94 70E6

yeah you need to download the signature for the app image as well, place it in the same directory as the app image and pass it as first argument to that --verify command.

the sig is right next to the appimage download link

https://electrum.org/#download

1) Just verified and it was good

2) Running antivirus now

3) never shared, I entered onto electrum wallet to sweep, typed into notepad++ to verify length (bad idea)

4) must be some malware somewhere?, keystroke logger? sceenviewer? - other targets? notepad++? signed electrum?

Lessons

- don't use paper wallets (this was my last one from ages ago)

- verify downloads (even though it was legit this time)

- When moving large amounts, pay large fees (a bigger fee and it would have confirmed before the hack to happen) - 8 hours between my transaction and the theft one.

- if doing crypto even with hardware wallet, use a dedicated computer just for that and keep it offline mostly and minimal software footprint.

--

What should I do with the computer?

gpg: Signature made 19/12/2020 8:07:22 AM New Zealand Daylight Time gpg: using RSA key 6694D8DE7BE8EE5631BED9502BD5824B7F9470E6 gpg: Good signature from "Thomas Voegtlin (https://electrum.org) <>" [full] gpg: aka "ThomasV <>" [full] gpg: aka "Thomas Voegtlin <>" [full]

gpg: Signature made 19/12/2020 8:07:22 AM New Zealand Daylight Time gpg: using RSA key 6694D8DE7BE8EE5631BED9502BD5824B7F9470E6 gpg: Good signature from "Thomas Voegtlin (https://electrum.org) <>" [full] gpg: aka "ThomasV <>" [full] gpg: aka "Thomas Voegtlin <>" [full]

gpg: Signature made 19/12/2020 8:07:22 AM New Zealand Daylight Time gpg: using RSA key 6694D8DE7BE8EE5631BED9502BD5824B7F9470E6 gpg: Good signature from "Thomas Voegtlin (https://electrum.org) <>" [full] gpg: aka "ThomasV <>" [full] gpg: aka "Thomas Voegtlin <>" [full]

Thanks. Not technical enough to do that.
I'm here: https://electrum.org/#download Signature here: https://download.electrum.org/4.0.9/electrum-4.0.9.dmg.asc Highlight all, "Services > Verify signature of selection" Return: "Verification failed: no signatures found within the selection."

What did I miss?

I downloaded as usual from the official website https://electrum.org/#home Tho I didnt check with the GPG signature because I don't know how, I imagine is not difficult to understand. Can you please explain step by step please? Thank v.m.

Bullshit. It looks just like electrum.org. The linux link is legit, which is clever. The windows links are to some user's dropbox directory.

No way in hell that is legit.

> It's all covered in the two manuals. It describes (in excruciating detail) exactly what you should see when you do the check.

> https://electrum.org/#documentation

specifically

> For the record an invalid sig looks like this:

source: the manual.

The validity check has determined that your download is not valid. Delete your download and try again. Possibly run a virus check or reinstall your OS.

Reminder of what success and failure look like:

• SUCCESS: Error: Data could not be verified
• FAILURE: Error: Invalid signature

source

If you want to mute the errors you have to sign the ThomasV key using --lsign-key

PS: Please read the manuals in the future

> gpg: Korrekte Signatur von "Thomas Voegtlin (https://electrum.org) <[email protected]>" [unbekannt]

This means your file checksum is valid

> gpg: WARNUNG: Dieser Schlüssel trägt keine vertrauenswürdige Signatur!

This means you haven't trusted the ThomasV key. You can fix it with the --lsign-key option in GPG

What's your current version?

Normally, as long as you get the installer from electrum.ORG, the official site, you can always upgrade Electrum. In fact, its advisable to use latest version, so it should always be upgraded. Specially, versions before 3.5 have a well known attack vector, and should not be used.

yes, the updater hasn't been triggered yet. probably do to a slow rollout amongst enthusiasts first to work out any issues.

make sure to verify your download before updating.

https://electrum.org/#download

It writes this , only it adds the following (somewhat disturbing) line:

gpg: WARNING: This key is not certified with a trusted signature!

gpg: There is no indication that the signature belongs to the owner.

the key was taken of course from https://electrum.org/.

To be sure, you should check its PGP signature for authenticity.

If it comes back signed by Thomas Voegtlin you should be good.

• gpg: Signature made Wed Jul 8 15:22:08 2020 +07
• gpg: using RSA key 6694D8DE7BE8EE5631BED9502BD5824B7F9470E6
• gpg: Good signature from "Thomas Voegtlin (https://electrum.org) <>" [full]
• gpg: aka "ThomasV <>" [full]
• gpg: aka "Thomas Voegtlin <>" [full]

This is likely due to #6345 which affects Electrum 4.0.1.

We released 4.0.2 to fix this issue; but it might take days to become available on Google Play (depends on the store). Meanwhile, you can download the APK from the website (electrum.org, see sidebar) to update.

usually users who face this problem don't realize that each software file from electrum also has a corresponding digital signature that you have to download. the signature link is right there on the download page next to the software. the signature, the electrum software and Thomas' public key are all required to verify the download.

>oddly enough Electrum prompted me to update wallet. Once the wallet has been updated I opened electrum back up again and I couldn't open that updated wallet because the unsupported seed warning appeared. I opened my legacy (non-segwit) wallet and it prompted me to do the same update. I didn't do it this time for safe measure.

You downloaded (or "upgraded to") malware.

Your might try backing up the wallet file, completely removing the malware wallet and download a fresh copy from electrum.org.

The safest thing is to recreate the wallet using seeds on a known authentic Electrum. Unfortunately if you don't have the seed words you are probably out of luck.

Oh I am on 3.3.8 Electrum on Windows at the moment. I installed using the Windows Installer on https://electrum.org/#download. What I can do is uninstall Electrum completely from my machine and install it fresh through git. This way I can have the electrum git repository and I can run the checkout command. The problem is, I am not sure how to do a fresh install of electrum via git.

Did you verify the signature of the installer you downloaded?

https://electrum.org/#download

He means to reformat your computer from a clean slate. You may as well download a free version of Malwarebytes and run a scan for the heck of it. Might find a malware that could be responsible for what happened.

So to get this straight, upon receiving Bitcoin in your Electrum wallet 14 hours from the time you withdrew, the Bitcoin was immediately sent out to the unknown address? Do you allow remote VNC on your computer?

Simple answer:

1. Store your existing wallet seed words in writing off the computer.
2. Delete your current (old) version of Electrum completely
3. Download current Electrum only from <em>electrum.org</em> and verify its gpg signature if you can
4. If it does not pick up the old wallet when starting create a new wallet and enter your seed words from #1

This should give you a current, usable setup.

Cardinal rules of Electrum:

1. Download only from electrum.org and verify the GPG signature
2. Store your seed words securely in writing off the computer
3. Never share your seed words (or keys) with anybody

Cardinal rules of Electrum:

1. Download only from electrum.org and verify the GPG signature
2. Store your seed words securely in writing off the computer
3. Never share your seed words (or keys) with anybody

i downloaded the electrum wallet from github before i found this. since it doesn't connect to the server i wanted to check for updates. according to my virusscan the version from electrum.org contains a threat BV:Miner-CT (PUP). What is it? How do i get the wallet running on my Mac (incl. Ledger Nano). it seems to me very complicated compared to other wallets.

Works fine for me after downloading just now:

$ gpg --verify electrum-3.3.8.exe.asc gpg: assuming signed data in 'electrum-3.3.8.exe' gpg: Signature made Thu 11 Jul 2019 10:26:15 AM EDT gpg: using RSA key 6694D8DE7BE8EE5631BED9502BD5824B7F9470E6 gpg: Good signature from "Thomas Voegtlin (https://electrum.org) <>" [full] gpg: aka "ThomasV <>" [full] gpg: aka "Thomas Voegtlin <>" [full]

Are you sure you have ThomasV's key imported correctly (it's in the code block above)?

It is a very small but real possibility - this is why it is recommended to verify the cryptographic signature of all important software like Electrum even if it is downloaded directly from electrum.org. I described the much more likely scenario in my answer to the question above.

It is also possible that you had a malware version installed before updating that created and broadcast the fraudulent transaction. You did not see it because many of the original malware wallets were "locked out" of the network when the sybil attacks began in early 2019 forcing users to upgrade. When you updated to a current, likely legitimate wallet (if it was from electrum.org) than the new wallet simply showed the transaction that had already been posted.

If you "upgraded" your previous electrum using a pop-up screen this is 100% the case. See my answer below also.

there's a separate link titled signature next to each application download link on the download page:

https://electrum.org/#download

download the corresponding signature and verify it. i suggest only using the installer version because it'll be easier. you can delete the standalone one.

I go to electrum.org/#download and click on the signature links for the windows installer and standalone executable (and I've tried a few others) and I copy the signature into either gpa or kleopatra's clipboard and click verify. Obviously I've added Thomas V's public key into my keyring and I have checked the fingerprint with public sources. When I verify from gpa's clipboard it says "bad signature" and then thomas v's email, etc. When I press "decrypt/verify" from kleopatra's notepad it says "decryption failed" but then when I click on details it also says "bad signature". I'm sure it's probably an issue on my end, and I'm pretty new at all of this, but I've been using pgp decently for a little while so I don't understand what simple thing I'm missing.

>It makes me think that anything, even gold buried in coffee cans, and cash under a mattress is more secure than Bitcoin.

This is 100% user error, not a BTC / Electrum issue. The user downloaded malicious software whether through ignorance or carelessness. As 99.9% of the "I lost my bitcoins" show this ecosystem is terribly unforgiving of either.

I and many others have posted approximately 4,398,437 times the cardinal rules of Electrum:

1. Only download from electrum.org
2. Verify your download
3. Keep your seed words stored securely off the computer in writing

I think you may be confusing wallet with blockchain. Any transaction that is confirmed is recorded to the blockchain and, after approximately 5-6 confirmations, impossible to reverse (using current technology). Electrum wallet simply stores the cryptographic keys that allow you to access that BTC - they are not stored in your wallet. Think of Electrum (or any wallet) as a keychain.

Just like your actual keychain they will work forever but are only as safe as you keep them.

3 cardinal rules for Electrum:

1. Only download from electrum.org and verify the download
2. Backup your seed words in writing off the computer in a safe place - treat them as you would printed BTC from your wallet
3. Never share your seed words (or public keys) with anyone

Aaah, oK. Yes, seems there is a bug in 3.3.8 exactly on this. Good find! Erm, any insight on when a released version might come?

It is indeed via a payment request, and there is a manual option (but requires emails, longer delays, and well, trust). I'll try the downgrade option getting direct from the Electrum.org site for sure (thanks).

Question though: do I uninstall 3.3.8 from Windows now before, then try installing 3.3.4 version from scratch --or can I install 3.3.4 over existing 3.3.8? Sorry, just there's no FAQ on how to do it. Much appreciated for your help btw!

If he's using 3.3.8, could he not just import the signing key and signature file from electrum.org and run the verification on the original installation file (assuming he didn't delete it after installing)? Obviously it would've been better to do this before installation, but this would at least rule out a malicious copy of electrum and point to a keylogger or stolen seed as the cause of theft, no?

Hello,

i use Electrum Ver 3.3.8

i log to my wallet to see how the bitcoin value was going.

what a shock to see that my wallet have been emptied !?!? ( see picture)

How could this happen ?

i have a strong credential

always upgrade from electrum.org

Does anybody can help me on this ?!

I think i just lost any trust in Bitcoins ....

Thank you in advance to anybody who can help.

The snap repository software is not official software. In fact, the bitcoin core snap was, at least at one point, compromised by its "packager" and included a stealth shitcoin miner. I would not trust those packages.

Please install Electrum only from <em>electrum.org</em> using either the AppImage (the easiest and most straightforward choice) or the python tarball from the top section of the download page and report back if you still have problems.

The Electrum Tails upgrade guide has good instructions on how to use the AppImage that works for nearly any linux - you can ignore the Tails parts.

You've most likely fallen victim for the old electrum server message exploit where a electrum server hosted by a fraudulent party is sending old electrum wallets a message to update their wallet and providing a link to a website that looks identical to electrum.org which is the only official website for the electrum wallet.

Once the fraudulent wallet is installed it waits for btc to arrive, once it arrives it instantly passes it on to the owner of the fraudulent electrum software.

Your money is lost, some clever guy just took your money.

If u/d3vrandom's guide doesn't fix it we need more info to triage:

1. Operating system
2. Specific version of Electrum downloaded only from <em>electrum.org</em> and how you installed/use it - i.e. Full install, AppImage, portable exe, etc.
3. Network specifics (Tor, WiFi, eth0) and whether you can connect to the internet otherwise - i.e. using a browser
4. What specific servers you've tried to connect to

Neither of these would help after downloading malware.

The first two prime directives when using Electrum are:

1. Download only from electrum.org
2. Secure your seed words in writing off the computer before using.

>built in check for updates option within the application. its at 4.0.0 atm

This is a well-known malicious (fake) version that does not exist officially.

STOP RIGHT NOW.

With your computer not hooked up to the internet make sure you have your seed words stored securely off the computer.

Delete all traces of this wallet from your computer.

Download a current, legitimate wallet only from <em>electrum.org</em> and reenter your seed words when setting up the wallet.

You may not have lost all your coins but it is certainly possible.

There aren't any kind of analytics in the code. This is not spyware. Hence nobody knows.

Anyone can run from source, and get the source in any way really, so it's impossible to tell.

Re download count from electrum.org, I think that might exist (it's certainly possible in theory), but I don't have them.

You can look at the Google Play store listing, re users on Android.

From https://electrum.org/#download:

"Old versions of Windows might need to install the KB2999226 Windows update."

Windows 7 is end of life and not receiving updates any more. You may want to use Tails (USB) to run Electrum instead.

Windows 7 is going to be EOL early next year so I don't recommend using electrum on it. If you want to do it anyway then see the note for windows users on the download page: https://electrum.org/#download

Either:

a) you have a fake/malicious wallet that is reporting version 3.3.8. Given that you use Tails this is unlikely. If you use Tails version 3 you should download the AppImage only from <em>electrum.org</em> and check its GPG signature.

b) your wallet has been compromised, usually through someone else having access to your physical computer (or Tails USB) or you have inadvertently shared your seed/keys somehow.

Figuring out a is straightforward. B may take more work but would have likely compromised any wallet, not just Electrum.

If you download the exe only from <em>electrum.org</em> then verify the GPG signature you are assured that you have the original exe compiled by the devs bit-for-bit. There is no more secure method than that.

The other option is to run the python code yourself (it doesn't need compiling) that you pull directly from github.

As shown on the download page (https://electrum.org/#download), the minimum MacOS version currently is 10.11.

This is because the version of the Qt framework that Electrum uses requires MacOS 10.11.

You need python 3.6 and electrum 3.3.8. Anything older is not safe. If you can't get python 3.6 on debian wheezy then it's time to update to the latest stable.

To install electrum download from electrum.org. Debian's repos have old versions so you can't rely on them.

Windows 10, definitely https://electrum.org/#download. Not sure what else I can remember tbh. The past few years have been just a big blob/blur to me unfortunately.

I had transferred my funds from binance to this wallet also. My binance password was not the same as the wallet password.

Don't let it be complicated.

Download only from electrum.org and you have eliminated 99% of the potential problems.

You will gain far more at this point from learning how to use BTC and Electrum securely.