Author: Gregory Maxwell 2012-11-15 23:45:09
Published on: 2012-11-15T23:45:09+00:00
In October 2012, Gregory Maxwell expressed concern about the lack of description of Electrum's security model. He later got in touch with Thomas on IRC and discussed the security issues. Thomas took these concerns seriously and redesigned big parts of Electrum to eliminate the issues structurally. Electrum is now a slightly watered down simplified-payment-validation node and has generally the same security properties as other SPV nodes. However, it is more vulnerable to isolation and compromise by a high hash power attacker as it does not make an effort to ensure it is on the longest chain. Additionally, it is also more vulnerable to transaction hiding or DOS attacks for similar reasons. Despite this, the changes made to Electrum represent a massive improvement. The UI was also changed and the confirmation status of payments is no longer hidden. Although there are still areas for improvement in the client and security communication to users, Maxwell feels confident that any remaining issues will be resolved.
Updated on: 2023-05-19T15:48:59.421488+00:00