Electrum [archive] is a popular Bitcoin wallet. According to the Electrum FAQ [archive]:
How does Electrum work?
Electrum’s focus is speed, with low resource usage and simplifying Bitcoin. Startup times are instant because it operates in conjunction with high-performance servers that handle the most complicated parts of the Bitcoin system.
Does Electrum trust servers?
Not really; the Electrum client never sends private keys to the servers. In addition, it verifies the information reported by servers, using a technique called Simple Payment Verification [archive].
The non-official thin client Electrum appears to be well-designed. It does not need to download/verify the blockchain and users store their private keys locally, which eliminates the need to trust third-party severs. This is an advantage over some other Bitcoin wallets which are affected by this: if the third-party server were ever compromised, all of the users' bitcoins could be stolen. There is also the possibility that the third-party could lose a user's private keys or walk away with them.
Note: To mitigate the risk of a known exploit, Electrum versions older than v3.3 are prevented from connecting to public servers.   This step was necessary to prevent user exposure to phishing messages.  If you have an Electrum version older than v3.3 installed, then it is necessary to upgrade.
While it is usually strongly recommended   to install software from the Debian repositories, the latest available package [archive] is too old and will not connect to public servers. This means Debian's official package manager (
APT) cannot be used to install a working Electrum version.
The best option at present is to install Electrum from the official website, although it is currently being attacked (see the notices section). The following instructions provide steps to verify the AppImage, but keep in mind the risks involved with manual software installation, particularly if the server infrastructure is under assault.
Note: The following instructions should be applied in Whonix-Workstation ™ (Qubes-Whonix ™:
1. Open a terminal.
If you are using Qubes-Whonix ™, complete the following steps.
Qubes App Launcher (blue/grey "Q") →
Whonix-Workstation ™ AppVM (commonly named anon-whonix) →
If you are using a graphical Whonix with XFCE, run.
Start Menu →
2. Import the gpg public key of Electrum developer Thomas Voegtlin. 
Securely download the key.
Display the key's fingerprint.
gpg --keyid-format long --import --import-options show-only --with-fingerprint ThomasV.asc
Verify the fingerprint. Should show.
In early-2019, the output is identical to the following image.
Figure: Fingerprint Verification
pub rsa4096/2BD5824B7F9470E6 2011-06-15 [SC]
Key fingerprint = 6694 D8DE 7BE8 EE56 31BE D950 2BD5 824B 7F94 70E6
uid Thomas Voegtlin (https://electrum.org [archive]) <firstname.lastname@example.org>
uid ThomasV <email@example.com>
uid Thomas Voegtlin <firstname.lastname@example.org>
sub rsa4096/1A25C4602021CD84 2011-06-15 [E]
Do not continue if the fingerprint does not match! This risks using infected or erroneous files! The whole point of verification is to confirm file integrity.
Add the signing key.
3. Download the Electrum AppImage.
Note: At the time of writing,
electrum-3.3.8 was the latest stable release. Before starting the Electrum download, browse to electrum.org/#download [archive] to verify the correct file path. Then download the file with scurl. 
5. Check the Electrum AppImage is not corrupted after download. 
To check the Electrum AppImage, run.
The following output indicates a corrupted and/or non-existent AppImage file.
electrum-3.3.8-x86_64.AppImage: HTML document, ASCII text, with very long lines
In that case, delete the file and try downloading the AppImage again.
6. Download the corresponding gpg signature.
It is necessary to verify the integrity of the AppImage with the correct signature.
Note: If users downloaded a later Electrum version at step 4, then modify the following command to match the corresponding signature file. 
7. Verify the integrity of the AppImage image.
Note: This command must be run in the same directory as the downloaded AppImage and signature.
gpg --verify electrum-3.3.8-x86_64.AppImage.asc
If the image is verified successfully, the output will show a "Good signature" similar to the screenshot below.
Figure: Good Signature 
The above "gpg: WARNING" can be ignored since it does not alter the validity of the signature related to the downloaded key. Rather, this warning refers to the level of trust placed in the developers signing key and the web of trust. To remove this warning, the developers signing key must be personally signed with your own key.
If the following "gpg: BAD signature" message appears, the Appimage has been corrupted or altered during the download process.
Figure: Bad Signature
In this event, delete both the AppImage and signature and either wait 10-15 minutes for the Tor circuits to change, or open up the Nyx Tor Controller in Whonix-Gateway ™ (Qubes-Whonix ™:
sys-whonix) and type "n" to create new Tor circuits. Wait for a random period of time before repeating the steps to download the AppImage and signature.
8. Change file permissions.
Make the electrum AppImage executable.
chmod +x electrum-3.3.8-x86_64.AppImage
Please refer to the official Documentation at docs.electrum.org [archive] for comprehensive instructions, as well as more advanced topics like Cold Storage [archive] of private keys.
To start Electrum on all platforms, run.
Qubes-Whonix ™ users are recommended to configure a Split Bitcoin Wallet [archive] to better protect their private keys. To protect against identity correlation through Tor circuit sharing, follow the instructions below (see Stream Isolation for more information).
Electrum: First Run
1. Configure a manual server connection.
When Electrum is started for the first time, users are met with the prompt:
"How do you want to connect to a server?".
Select server manually and press
Figure: Server Setting
2. Change the proxy settings.
The necessary settings are:
Next and the application should be fully functional.
Figure: SOCKS5 Proxy Configuration
Note: If Electrum is already set up but stream isolation was not enabled, then navigate to
Network in Electrum to bring up the server and proxy settings.
This step is optional.
1. Create folder
mkdir -p ~/.local/share/applications
2. Create a new file
~/.local/share/applications/electrum.desktop using an editor.
3. Paste the following contents.
4. Save the file.
The procedure is now complete.
The launcher can be found here:
Start Menu →
After installing Electrum, please consider making a donation to Whonix ™ to keep it running for years to come.
Donate Bitcoin (BTC) to Whonix ™.
This is a wiki. Want to improve this page? Help is welcome and volunteer contributions are happily considered! Read, understand and agree to Conditions for Contributions to Whonix ™, then Edit! Edits are held for moderation.
Copyright (C) 2012 - 2019 ENCRYPTED SUPPORT LP. Whonix ™ is a trademark. Whonix ™ is a licensee [archive] of the Open Invention Network [archive]. Unless otherwise noted, the content of this page is copyrighted and licensed under the same Freedom Software license as Whonix ™ itself. (Why?)
Whonix ™ is a derivative of and not affiliated with Debian [archive]. Debian is a registered trademark [archive] owned by Software in the Public Interest, Inc [archive].
Whonix ™ is produced independently from the Tor® [archive] anonymity software and carries no guarantee from The Tor Project [archive] about quality, suitability or anything else.