Listed below is the process for each operating system. To verify the Electrm binaries using the signatures, you need to have GPG installed. This step should not be overlooked as users have reported malicious funds-stealing builds of Electeum existing in the wild. The signature files are for independently verifying the Electrum files were not tampered with.
Next to each download link there is also a signature file which can be downloaded.
No single point of failure: The server code is open source, anyone can run a server.One server going down doesn't cause user downtimes. Redundancy: You are not tied to a particular server, and the server does not need to know you.Hardware wallet integration: Many leading hardware wallets can interface with Electrum, including Coldcard, Trezor and Ledger.
Multi-signature: Dividing the power to spend coins between multiple wallets is supported.
New to Bitcoin? Check out CoinGeek’s Bitcoin for Beginners section, the ultimate resource guide to learn more about Bitcoin-as originally envisioned by Satoshi Nakamoto-and blockchain.Electrum 4.0.4 on Windows 7 with showing zero balance and a connected stateĮlectrum is a lightweight Bitcoin client, based on a client-server protocol.
Whenever an exploit or security breach occurs, it is never a bad time to give the friendly reminder that when money is at stake, you should always do your own research, double-check to make sure the digital currency wallet or exchange URL is genuine, and to ask any questions to the company’s administrators if you are unsure of a message you see on the site or an unusual request to update your software. The malicious Electrum wallet uses the 2FA code to steal the user’s funds and transfer them to the attacker’s Bitcoin addresses.This is a red flag, as these 2FA codes are only requested before sending funds, and not at wallet startup. When the user opens the malicious Electrum wallet, the app asks the user for a two-factor authentication (2FA) code.User clicks the link and downloads the malicious update.If the transaction reaches one of the malicious servers, these servers reply with an error message that urges users to download a wallet app update from a malicious website (GitHub repo).Users of legitimate Electrum wallets initiate a Bitcoin transaction.The attacker added tens of malicious servers to the Electrum wallet network.A ZDNet investigation discovered that over 200 BTC was stolen from Electrum wallet users in 2018 via the malware method where: This isn’t the first time hackers have exploited Electrum…Īttackers first began exploiting Electrum wallet users with this malware method in 2018. If users enter the requested code -and most do, thinking they are using the official wallet- they effectively give official approval for the malicious wallet to transfer all of their funds to an attacker’s account.” “Normally, these codes are only requested before sending funds, and not at the Electrum wallet’s startup. “They eventually end up installing a malicious version of the Electrum wallet, which the next time the user tries to use will ask for a one-time passcode (OTP),” says the ZDNet report. The attackers did this by sending Electrum wallet users a fake message telling them to update their wallet however, if they followed through with the fake update, malware was installed on the wallet user’s computer that stole their funds the next time they logged into Electrum. According to an investigation by ZDNet, hackers stole over $22 million (1,980 BTC) via the Electrum wallet from 2019-2020.