
Protecting Your Funds from Malware and Other Risks

This page outlines critical security measures for Electrum users, emphasizing the importance of protecting funds from various cybersecurity risks.

Bitcoin operates differently from traditional bank accounts. When you use Bitcoin as intended, you have full control over your money. This is called non-custodial ownership. In contrast, when you keep money in a bank, the bank is responsible for its safety.

Electrum is a non-custodial wallet software. This means that once installed on your computer, Electrum gives you complete and exclusive control over your funds. Developers of Electrum cannot access, move, restore, block or view your Bitcoins.

While this level of control is powerful, it also means you’re responsible for keeping your funds safe. Unfortunately, this makes Bitcoin users attractive targets for cybercriminals. If someone gains unauthorized access to your computer, they could potentially steal all your Bitcoins.

It’s crucial to understand these risks and take steps to protect your digital assets.

Common Attack Methods

Malicious clone

One major risk is downloading a copy of Electrum from an unofficial source. Attackers often create fake websites that look like the official Electrum site. They promote these fake sites using Google Ads.

Remember: The real Electrum project does not use Google Ads.

When users search for “electrum” on Google, they might see and click on these misleading ads. This leads them to the fake website where they download a malicious version of Electrum. When run, this fake software looks like the real Electrum wallet. It asks users to enter their password to open their wallet. Once entered, the malware can send all the user’s money to the attacker or upload the seed words to the attacker’s server.

If you see an unfamiliar transaction that moved all your coins and your balance is now zero, you might have downloaded malware.

Defense

Only download Electrum from the official website. Always verify the GPG signatures to ensure the software is genuine.

Clipboard hijacker (aka Clipper)

Clipboard hijackers, also known as clippers, are a type of malware that targets Bitcoin users. Here’s how they work:

A clipboard hijacker is a program that runs in the background on your computer. It constantly monitors your clipboard for any changes. When it detects that you’ve copied a Bitcoin address, it quickly replaces that address with one controlled by the attacker.

The attacker hopes you’ll paste this fake address into your wallet without noticing the switch. This trick exploits the common practice of copying and pasting Bitcoin addresses when sending money.

Copy a Bitcoin address, then paste it into a text editor. If the pasted address is different from the one you copied, your computer might be infected with a clipboard hijacker.

Defense

Always double-check the details of any transaction before you approve it. This includes verifying the recipient’s address. Compare the beginning, the middle and the end of the Bitcoin address against the one you obtained from the recipient, because attackers generate addresses that share the first and last characters with the one you copied.
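The following script is an added example, not code from the Electrum project or this page. It implements the manual check above as a defensive tool: it compares the address you intended to pay (obtained from the recipient by some channel other than your clipboard) with the string that actually landed in the paste buffer, and reports whether only the ends match, which is the look-alike pattern the text warns about. It also validates bech32/bech32m (BIP173/BIP350) and base58check checksums, to make a separate point: a clipper's replacement address passes every checksum, so validity is no evidence that the address is yours. The `segwit_encode` helper, the constructed look-alike address, and the `edge` parameter are this example's own assumptions; the test vectors are the public BIP173 example address and the Bitcoin genesis coinbase address.

```python
"""Added example (not Electrum code): compare an intended address with the pasted one
and validate address checksums. Shows why a checksum-valid address that merely
shares its first and last characters with yours must still be rejected."""
import hashlib

# --- bech32 / bech32m (BIP173 / BIP350): bc1q... and bc1p... addresses --------
CHARSET = "qpzry9x8gf2tvdw0s3jn54khce6mua7l"
BECH32_CONST, BECH32M_CONST = 1, 0x2BC830A3


def bech32_polymod(values):
    gen = [0x3B6A57B2, 0x26508E6D, 0x1EA119FA, 0x3D4233DD, 0x2A1462B3]
    chk = 1
    for v in values:
        top = chk >> 25
        chk = ((chk & 0x1FFFFFF) << 5) ^ v
        for i in range(5):
            chk ^= gen[i] if (top >> i) & 1 else 0
    return chk


def bech32_hrp_expand(hrp):
    return [ord(c) >> 5 for c in hrp] + [0] + [ord(c) & 31 for c in hrp]


def convertbits(data, frombits, tobits, pad=True):
    """Regroup bits, e.g. 8-bit bytes into 5-bit bech32 symbols."""
    acc = bits = 0
    out, maxv = [], (1 << tobits) - 1
    for value in data:
        acc = (acc << frombits) | value
        bits += frombits
        while bits >= tobits:
            bits -= tobits
            out.append((acc >> bits) & maxv)
    if pad and bits:
        out.append((acc << (tobits - bits)) & maxv)
    return out


def segwit_encode(hrp, witver, witprog):
    """Build a native-segwit address (used here only to construct test fixtures)."""
    data = [witver] + convertbits(witprog, 8, 5)
    const = BECH32_CONST if witver == 0 else BECH32M_CONST
    polymod = bech32_polymod(bech32_hrp_expand(hrp) + data + [0] * 6) ^ const
    checksum = [(polymod >> 5 * (5 - i)) & 31 for i in range(6)]
    return hrp + "1" + "".join(CHARSET[d] for d in data + checksum)


def bech32_valid(addr):
    if addr not in (addr.lower(), addr.upper()):  # mixed case is invalid by spec
        return False
    addr = addr.lower()
    sep = addr.rfind("1")
    if sep < 1 or sep + 7 > len(addr) or len(addr) > 90:
        return False
    hrp, body = addr[:sep], addr[sep + 1:]
    if any(c not in CHARSET for c in body):
        return False
    data = [CHARSET.index(c) for c in body]
    expected = BECH32_CONST if data[0] == 0 else BECH32M_CONST  # witness v0 -> bech32
    return bech32_polymod(bech32_hrp_expand(hrp) + data) == expected


# --- base58check: legacy 1... (P2PKH) and 3... (P2SH) addresses ---------------
B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"


def base58check_valid(addr):
    if not addr or any(c not in B58 for c in addr):
        return False
    n = 0
    for c in addr:
        n = n * 58 + B58.index(c)
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    raw = b"\x00" * (len(addr) - len(addr.lstrip("1"))) + raw  # each leading '1' is a zero byte
    if len(raw) != 25:  # 1 version byte + 20-byte hash + 4-byte checksum
        return False
    digest = hashlib.sha256(hashlib.sha256(raw[:-4]).digest()).digest()
    return digest[:4] == raw[-4:]


def is_valid_address(addr):
    return bech32_valid(addr) if addr.lower().startswith(("bc1", "tb1")) else base58check_valid(addr)


def compare_addresses(expected, pasted, edge=6):
    """How the pasted string relates to the address you meant to pay.
    'edge' is the number of leading/trailing characters a quick glance compares."""
    e, p = expected.strip(), pasted.strip()
    return {
        "identical": e == p,
        "prefix_match": e[:edge] == p[:edge],
        "suffix_match": e[-edge:] == p[-edge:],
        "pasted_passes_checksum": is_valid_address(p),
    }


if __name__ == "__main__":
    intended = "bc1qw508d6qejxtdg4y5r3zarvary0c5xw7kv8f3t4"  # BIP173 example address
    # Constructed look-alike: same first 8 program bytes, hence the same visible prefix.
    decoy = segwit_encode("bc", 0, bytes.fromhex("751e76e8199196d4") + bytes(12))
    print(compare_addresses(intended, decoy, edge=8))
```

The only field that should decide whether you sign is `identical`; `prefix_match`, `suffix_match` and `pasted_passes_checksum` are all true for the constructed decoy, which is exactly the situation a glance at the ends of the address does not catch.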

Malware

When you use a standard wallet in Electrum on a personal computer, your funds can be at risk from various types of malware. Any program with sufficient privileges on your computer might access your wallet file and attempt to steal your seed words. More sophisticated attacks can even extract sensitive information from your computer’s memory (RAM), potentially capturing your seed words, private keys, or wallet password at the right moment.

Here are some common types of malware that target Bitcoin users:

  1. Remote Access Trojans (RATs): These allow attackers to control your computer from afar.
  2. Keyloggers: These record your keystrokes, potentially capturing passwords and seed phrases as you type them.
  3. Man-in-the-Middle Attacks: These intercept and replace wallet software downloads with malicious versions.
  4. Infostealers: This malware is specifically designed to find and steal sensitive data, including cryptocurrency wallet information, passwords, wallet files, and seed phrases.
  5. Screen Capture Malware: This type of program takes screenshots of your computer, potentially capturing sensitive information displayed on your screen.

To protect yourself from these threats, consider using hardware wallets or air-gapped computers for storing large amounts of Bitcoin.

Fake Support

Be aware of scammers posing as Electrum support on online platforms. Here’s what you need to know:

On forums like Reddit, Bitcointalk, or other social media, you might receive replies or private messages from people claiming to be “Electrum support” or “customer service”. These are not genuine. They often try to trick you into downloading fake software or revealing your seed words.

Remember:

  1. Electrum has no official customer service team.
  2. Genuine support is always provided in public forums, not through private messages.
  3. No one from Electrum will ever ask for your seed words.
  4. Be suspicious of anyone urging you to download a “new version” of Electrum, especially through a link they provide.

Defense

  1. Ignore private messages about Electrum support.
  2. Never share your seed words with anyone, no matter who they claim to be.
  3. Only download Electrum from the official website.
  4. If you need help, read Docs or ask in public forums where the community can verify information.

Stay vigilant and remember: if someone contacts you claiming to be Electrum support, it’s almost certainly a scam.

Backup Disclosure

Safeguard your seed phrases and private keys by writing them down on paper instead of storing them digitally. Paper storage offers protection against hacking attempts.

Be cautious about where you keep your written backups. For instance, a roommate might stumble upon a piece of paper containing your seed words and potentially access your coins.

Avoid taking photos of your seed phrase, especially if you plan to upload them to cloud storage. This practice significantly increases the risk of theft. Similarly, generating or entering your seed in public places can compromise your wallet’s security.

Remember, the security of your Bitcoin depends on keeping your backup information private and secure at all times.

Phishing

Scammers ask users to enter their seed phrase or private keys under some pretext: to “connect” the wallet, to receive Bitcoins, to synchronize the wallet, or to fix non-existent errors or problems with the wallet.

Planted wallet file

An attacker may secretly copy their own wallet file onto your computer. When you next launch Electrum, you unknowingly open the attacker’s wallet instead of your own. If you don’t notice this switch and generate an address to receive funds, any incoming Bitcoin will go to the attacker’s wallet.

This attack can occur even before you install Electrum. The attacker can place their wallet file in the default location where Electrum looks for wallet files. It may remain there undetected for months or years until you install and use Electrum.

Defense

Use password-protected, encrypted wallet files. Be wary if Electrum doesn’t prompt you for a password when opening your wallet. This could indicate you’re using an unfamiliar wallet file.
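The following script is an added example, not code from the Electrum project or this page. It audits a wallet directory for the two conditions discussed above: wallet files stored in plaintext rather than password-encrypted form, and wallet files whose modification time predates the moment you installed Electrum, which is the signature of a planted file. File-format assumption (mine, not stated on this page): an encrypted Electrum wallet is base64 text whose decoded bytes begin with the magic `BIE1` (password-encrypted) or `BIE2`, while a plaintext wallet is a JSON document; the default directory `~/.electrum/wallets` is likewise an assumption for Linux/macOS. The `build_sample_wallet_dir` fixture constructs a planted plaintext file and a fresh encrypted-looking file so the audit can be run offline.

```python
"""Added example (not Electrum code): flag plaintext and pre-install wallet files.
Format assumption: encrypted wallets are base64 whose decoded bytes start with
b"BIE1"/b"BIE2"; plaintext wallets are JSON. Verify against your Electrum version."""
import base64
import binascii
import json
import os
import tempfile
import time
from pathlib import Path

ENCRYPTED_MAGICS = {b"BIE1": "encrypted-password", b"BIE2": "encrypted-xpub"}  # assumption


def classify_wallet_bytes(raw: bytes) -> str:
    """Return 'encrypted-*', 'plaintext' or 'unknown' for a wallet file's contents."""
    try:
        magic = base64.b64decode(raw.strip(), validate=True)[:4]
        if magic in ENCRYPTED_MAGICS:
            return ENCRYPTED_MAGICS[magic]
    except (binascii.Error, ValueError):
        pass
    try:
        if isinstance(json.loads(raw.decode("utf-8")), dict):
            return "plaintext"
    except (UnicodeDecodeError, ValueError):
        pass
    return "unknown"


def audit_wallet_dir(wallet_dir, install_time: float) -> list:
    """One record per regular file; 'flags' lists the findings to act on.
    install_time: when you first installed Electrum (a Unix timestamp)."""
    wallet_dir = Path(wallet_dir)
    if not wallet_dir.is_dir():
        return []
    findings = []
    for path in sorted(wallet_dir.iterdir()):
        if not path.is_file():
            continue
        st = path.stat()
        kind = classify_wallet_bytes(path.read_bytes())
        checks = (
            ("PLAINTEXT_WALLET", kind == "plaintext"),       # no password will be asked for
            ("PREDATES_INSTALL", st.st_mtime < install_time),  # was here before you were
            ("UNRECOGNISED_FORMAT", kind == "unknown"),
        )
        findings.append({
            "file": path.name,
            "kind": kind,
            "size": st.st_size,
            "modified": time.strftime("%Y-%m-%d", time.gmtime(st.st_mtime)),
            "flags": [name for name, hit in checks if hit],
        })
    return findings


def default_wallet_dir() -> Path:
    """Assumed default Electrum wallet directory on Linux/macOS."""
    return Path.home() / ".electrum" / "wallets"


def build_sample_wallet_dir():
    """Constructed fixture: a planted plaintext wallet dated 2001 next to a fresh
    encrypted-looking one. Returns (directory, install_time)."""
    d = tempfile.mkdtemp(prefix="wallet-audit-")
    planted = Path(d) / "default_wallet"
    planted.write_text(json.dumps({"wallet_type": "standard", "seed": "constructed"}))
    os.utime(planted, (1_000_000_000, 1_000_000_000))  # 2001-09-09
    fresh = Path(d) / "mine"
    fresh.write_bytes(base64.b64encode(b"BIE1" + b"\x01" * 40))  # fake ciphertext body
    return d, time.time() - 3600  # pretend Electrum was installed an hour ago


if __name__ == "__main__":
    sample_dir, installed_at = build_sample_wallet_dir()
    for rec in audit_wallet_dir(sample_dir, installed_at):
        print(rec)
    # For a real check, point it at your own directory and the date you installed:
    # audit_wallet_dir(default_wallet_dir(), <install timestamp>)
```

A file flagged `PLAINTEXT_WALLET` is the one Electrum will open without asking for a password, which is the warning sign the text describes; `PREDATES_INSTALL` is the planted-file pattern. Neither flag proves an attack by itself, but either is reason not to generate a receiving address from that file until you have confirmed it is yours.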

Defense, best practices

To protect your wallet, follow these practices, starting with basic measures and progressing to more advanced ones:

  1. Download Electrum only from the official website.
  2. Use Electrum’s built-in features to password-protect your wallet files.
  3. Store wallet files in encrypted containers using tools like VeraCrypt or TrueCrypt.
  4. Verify GPG signatures of the Electrum executable before running it for the first time.
  5. Avoid storing large amounts of money in hot wallets. Instead:
  6. Always double-check recipient addresses and amounts using a trusted secondary source before signing. Verify the address:
    • On the screen of each multisig cosigner.
    • On the display of your hardware signing device.
    • On the screen of your offline signing computer.

Help! My Coins Have Been Stolen!

Bitcoin transactions cannot be reversed. Unfortunately, if theft occurs, neither the developers nor anyone else can recover your stolen funds.

If you understand how the attack happened, please inform the developers. This information helps us track attack types and frequency, allowing us to develop better prevention and mitigation strategies for future threats.

For substantial thefts, consider filing a police report.

If you suspect the incident resulted from a software bug rather than malware, we encourage you to submit a detailed bug report. This helps us investigate and potentially fix any vulnerabilities in the wallet.

Remember, while we can’t recover stolen funds, your input is valuable in improving Electrum’s security for all users.

Can I Keep Using the Wallet?

After a theft, do not continue using your existing wallet or seed words. Any new coins sent to this wallet are likely to be stolen as well.

To secure your funds going forward:

  1. Format your computer and perform a fresh installation of the operating system.
  2. Download Electrum again, ensuring you get it from the official website.
  3. Create a new wallet by generating a new seed phrase.

These steps help ensure that your new wallet isn’t compromised by any lingering security issues from the previous theft. Remember, a new wallet means new seed words and addresses. Don’t reuse any information from your old, compromised wallet.

My Antivirus Has Flagged Electrum as Malware!

If your antivirus software has identified Electrum as malware, this is likely a false positive. For detailed information on why this occurs and how to address it, please consult the relevant section in our Frequently Asked Questions (FAQ).
