Electrum Bitcoin Wallet in Whonix ™ Development Notes
To mitigate the risk of a known exploit, Electrum versions older than v3.3 are prevented from connecting to public servers.   This step was necessary to prevent user exposure to phishing messages.  If you have an Electrum version older than v3.3 installed, then it is necessary to upgrade.
At the time of writing (July 20, 2019) the Electrum website (https://electrum.org) was the target of a large DDoS attack. To follow developments, refer to this Whonix forum thread.
This prevents users from downloading the Electrum AppImage using file downloaders like scurl and wget. If you are affected by this issue, the downloaded AppImage and signature will show the corresponding file to be composed of an HTML document and ASCII text. This means there are limited options for securely downloading a functional Electrum version right now.
For greater convenience and security, the Electrum AppImage was installed in Whonix ™ by default as part of the
binaries-freedom package. 
Previous Advice Given to Users prior Creation of binaries-freedom Package
While it is usually strongly recommended   to install software from the Debian repositories, the latest available package is too old and will not connect to public servers. This means Debian's official package manager (
APT) cannot be used to install a working Electrum version.
The best option at present is to install Electrum from the official website, although it is currently being attacked (see the notices section). The following instructions provide steps to verify the AppImage, but keep in mind the risks involved with manual software installation, particularly if the server infrastructure is under assault.
- ↑ https://github.com/spesmilo/electrum/issues/5183
- ↑ https://github.com/spesmilo/electrum/issues/5190
- ↑ For further details, see: Github Electrum issues.
The latter package has been added to
whonix-workstation-packages-recommended-gui, see: Install Electrum by default.
- ↑ See: Install Software: Best Practices.
Installing software best practices:
- Prefer APT: it is generally safest to stick with Debian's official APT package manager.
- Avoid Third Party Package Managers: there are many third party package managers besides APT, however many lack the security safeguards that are standard in Debian.
- Avoid Manual Software Installation: generally avoid the manual installation of packages, even trusted ones.
- Always Verify Signatures: for greater system security, the installation of unsigned software is strongly discouraged.
- Prefer Packages from Debian Stable Repository: if deciding to install new software after considering the risks, then prefer Debian's stable repository rather than the testing / unstable or third party repositories.