How it works
Electrum is a Simplified Payment Verification (SPV) wallet for Bitcoin. Rather than downloading the full blockchain, it connects to a network of Electrum servers that index the chain and answer balance and history queries. Private keys are generated from a seed phrase, encrypted, and stored locally — they never reach a server. The client signs transactions on the user's machine and broadcasts them through whichever server it is connected to.
The software runs on Windows, macOS, Linux, and Android; there is no iOS build. It supports hardware wallets through plugins, multisig wallets, cold-storage setups where the signing key never touches an online machine, and fee controls including replace-by-fee and child-pays-for-parent. Since version 4.0, Electrum also runs a Lightning Network node. Releases are reproducible and GPG-signed by several independent builders, and the website itself requires two maintainer signatures before a binary goes live.
KYC & privacy
There is no signup, no account, no email, and no identity check of any kind. Electrum stores no user data because there is no user record to store; the wallet is software you run, and nobody onboards you.
The privacy caveat is structural, not policy-based. Because the client asks remote servers about its addresses, whichever server you connect to can see which addresses belong to one wallet and the IP that queried them. This is the metadata leak inherent to light clients. Electrum mitigates it: it can route traffic over Tor, lets users pick or rotate servers, and — most completely — lets a user point the wallet at their own server, at which point no third party sees anything. The default experience still trusts strangers' servers with address metadata.
Strengths and limits
The strongest claim Electrum can make is longevity without a code compromise. It has shipped since 2011, it is MIT-licensed and open source, the builds are reproducible, and the release pipeline is multi-signature. For a non-custodial wallet, the custody story is as clean as it gets: the keys are yours and the project cannot move funds.
The limits are real. Between 2018 and 2020, malicious servers exploited the fact that older clients rendered server error messages as rich text — attackers pushed fake "update" prompts that led users to backdoored binaries, and hundreds of bitcoin were stolen from users on outdated versions. The client code was never breached; the design that let a server draw a convincing message was. Versions 3.3.3 and later neutralised it, and the project blacklists hostile servers, but the episode is the defining entry on Electrum's record. There is also no formal third-party security audit — the assurance comes from open review and reproducible builds, not a named firm. The interface is dense and assumes the user already understands UTXOs, fees, and seed hygiene.
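An added illustration of the defensive principle behind that incident, not Electrum's code and not a description of the change shipped in 3.3.3: any string a server sends is untrusted input, so it is reduced to inert plain text and flagged when it carries links, markup or update wording. The function names, the length cap, the keyword list and both sample messages are assumptions constructed for this example.

```python
import html
import re
import unicodedata

MAX_LEN = 200  # assumed display cap, chosen for this example
TAG_RE = re.compile(r"<[^>]*>")
URL_RE = re.compile(r"(?i)\b(?:https?://|www\.)\S+")
LURE_RE = re.compile(r"(?i)\b(?:update|upgrade|download|install|new version)\b")


def sanitize_server_message(raw: str) -> str:
    """Reduce an untrusted server string to inert, single-line plain text."""
    # Control and format characters (newlines, bidi overrides) become spaces.
    text = "".join(
        " " if unicodedata.category(ch) in ("Cc", "Cf") else ch for ch in raw
    )
    text = TAG_RE.sub(" ", text)                # drop anything shaped like markup
    text = URL_RE.sub("[link removed]", text)   # an error has no reason to link out
    text = " ".join(text.split())[:MAX_LEN]     # collapse whitespace, cap length
    # Escape what is left so a rich-text widget would still show it literally.
    return html.escape(text)


def looks_like_lure(raw: str) -> bool:
    """Flag messages that carry links, markup or software-update wording."""
    return bool(URL_RE.search(raw) or TAG_RE.search(raw) or LURE_RE.search(raw))


def present_error(raw: str) -> dict:
    """What the UI layer should receive: safe text plus a warning flag."""
    return {"text": sanitize_server_message(raw), "suspicious": looks_like_lure(raw)}


# Constructed samples, not captured from any real server.
LURE = ('<b>Security update required.</b><br>Download the new version from '
        '<a href="https://wallet-update.example/">https://wallet-update.example/</a>')
BENIGN = "transaction rejected: fee below minimum relay fee"

if __name__ == "__main__":
    for sample in (LURE, BENIGN):
        print(present_error(sample))
```

The flag is a hint for the UI to show a warning, not a filter: the sanitised text is safe to display either way because it contains no markup and no link.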
Verdict
Electrum is a wallet for people who already know how Bitcoin works and want a non-custodial client with a long, transparent history and serious cold-storage and multisig support. It is not a first wallet, and its server model demands that users either run Tor, run their own server, or accept the metadata leak. Download only from electrum.org and verify the signature. Grade: A- (8.6/10). Trust: TRUSTED.
Electrum rewards users who understand Bitcoin and punishes those who skip the basics — verify the download, run your own server or Tor, keep the client current. As a non-custodial wallet its custody and KYC posture are close to ideal; the server-trust model and the phishing history are the price of a light client.



