– Keeping Bitcoin Software Clean When Anti-Virus Programs Are Dirty

The Bitcoin qt software client (later renamed Core) has been around since Satoshi Nakamoto has released it in 2009, yet anti-virus programs like eGambit (on Windows) and AVG, Aegis and Avast (on MacOS) still detect it as a trojan or malicious miner. Even though the code is provably clean and has been scrutinized by thousands of security experts, while mining and validating nodes have existed separately since 2013, there are still pieces of software whose threat detection systems are flawed and biased against Bitcoin.

To counter this undeserved bad reputation and encourage people to e-mail the developers of their anti-virus programs, a few developers from Wasabi Wallet have created the #BitcoinIsSafe social media campaign back in January of 2020. At the time, I’ve written an article for Bitcoin Magazine to explain the phenomenon – and in the meantime I was pleased to discover that Bitdefender (the company whose antivirus I use) has fixed the issue.

So clearly, #BitcoinIsSafe has been a success and the message for across even to the coders who probably haven’t paid attention to Bitcoin in years or simply enjoy having their software detect false positives just because their competition doesn’t (in the minds of some users, this might be interpreted as “more efficient”).

However, the otherwise meritorious effort has only scratched the surface: Bitcoin Core might be the original and “official” Bitcoin wallet, but there are lots of other similar software programs that are also heavily scritinized, yet still get falsely labelled as threats. Electrum and Wasabi are two of the most popular desktop wallets, they have active development teams, and they also have their own critics and competitors who would gladly exploit any vulnerability or bug in the software.

Inspired by the #BitcoinIsSafe social media campaign, privacy and security advocate CoinForensics has Launched

According to CoinForensics (whom you should also follow on Twitter), his initiative aims to push anti-virus software developers to fix their biases against Bitcoin wallets. His project makes use of public data of anti-virus scanning results to keep track of all cases in which Bitcoin Core, Wasabi and Electrum get detected as threats. And though the situation looks statistically great (a great number of anti-virus programs have whitelisted Bitcoin wallets), the details are still worrying and may scare away potential Bitcoin adopters.

As of August 5th 2020, the Electrum wallet is detected as a trojan or malware by three Windows anti-virus engines: Cylance, Rising, and VBA32. And while Wasabi is clean on every Windows anti-virus engine, it’s flagged as a heuristic in six MacOS scanning apps (Avast, AVG, FireEye, Kaspersky, Sophos, and Zone Alarm) and eight Debian anti-virus programs (Aegis, Avast, AVG, Fortinet, Kaspersky, Qihoo-360, Symantec, and Zone Alarm).

It’s really concerning to see that some of the most popular security software apps flag Bitcoin wallets as infections, as they are trusted by millions of people and they have well-funded research labs. The fact that their scanning engines detect anything Bitcoin-related is a potential threat may be a good preemptive method – but generalizing it to include some of the most vetted and best-known Bitcoin wallets is simply ignorant and proves little concern for clearly differentiating threats from clean software.

For many years, Kaspersky, AVG and Avast have been recommended by computer magazines all over the world, and have built good reputation records with users. Some of them also offer free versions of their software, so it’s likely that millions of people run the programs to protect themselves from internet threats. But when some of the best-known and most vetted Bitcoin wallets get wrongly flagged, this only proves that the scanning engines are poorly optimized and have no differentiation between clean software and actual threats.

This negligence may very well prevent people from all around the world from attaining their financial independence. Before they can even use something as basic as a wallet, they will be scared by the anti-virus detections and assume that they either downloaded the wrong software or Bitcoin itself is a virus that’s going to ruin the files on their computers. And while the truth may be different, this first impression really matters.

Privacy and security aficionado CoinForensics understands the gravity of these unfortunate facts and offers help to the community with The website contains a comprehensive list of cases in which Bitcoin Core, Electrum, and Wasabi get flagged as viruses, and also features a useful contacts list so that bitcoiners can write directly to anti-virus developers and explain to them why their false positives are harmful. If you’re too lazy to write your own e-mail, the website also offers a handy template for which you should only replace the words in brackets (the anti-virus software’s name, the nature of the false positive, and your name).

So if you’d like to do something good for Bitcoin adoption today, all you have to do is open the website, copy the e-mail address which communicates with the support team of a problematic anti-virus software, slightly edit the template, and his “send”!

To learn more about Wasabi wallet, listen to this interview with lead developer and founder Nopara73.

Donate to the Bitcoin Takeover Project!

If you enjoy my world and would like to see me writing more articles, then please consider making a donation. You can send mainchain BTC to the address below, or route your transaction through the Lightning second layer on Tippin. Every amount counts, no matter how small.


If you’re a hardcore HODLer and would rather donate dirty criminal US dollars, use Patreon. You will get added to the Hall of Patrons and the exclusive Telegram channel, and also get unique insights about my content and plans.

Vlad Costea

I'm here for the freedom, censorship-resistance, and unconfiscatability. What about you?

So, what do you think?

Follow Me