Creating a watch-only bitcoin wallet in Electrum

An Electrum watch-only wallet can help you verify deposit and change addresses being displayed in the Casa app.

Why we like Electrum

Electrum is fully open source, and one of the best-maintained and most fully-featured projects in bitcoin. We also like that you never need to load your private keys into Electrum.

Unless you are running your own Electrum server, it is possible that by following the steps below, your total BTC balance could be gleaned by the third-party node that your Electrum client app is connecting to.

In the past, we have seen reports that blockchain analysis firms have run Electrum full nodes.

It is important to make sure you always connect with a VPN to make it harder to associate your IP address with your BTC addresses. To avoid this risk entirely, as a best practice it is recommended to run your own Electrum server (instructions here).

While Electrum will display your unused derived "future" addresses, you should only deposit funds to either the current address that the Casa app is showing you, or previous addresses that you have deposited to in your Casa vault. "Skipping" addresses in your keyset and depositing to later derived addresses may cause the deposit not to appear in your Casa app. This is due to what's known as the "gap limit" issue where some wallets, ours included, do not automatically scan past unused addresses to determine a user's balance or transaction history. If this happens, you must make deposits of any amount to the empty addresses within the "gap."

See Mind the bitcoin address gap for more details on the gap limit.

What you need:

Laptop or desktop that can run Electrum. We like Ubuntu or PureOS, but Mac and Windows work just fine.
Android or iOS device running the Casa app
Your hardware devices
(Optional) Encrypted messaging app running on both devices. We like Keybase or Signal.

🛎️ A note for non-Casa customers: This process will work with any multisig wallet. Just collect the public keys from your wallet provider and begin at Step 2.

A video tutorial here walks through the following steps:

1: Export public keys and derivation paths

To build your watch-only wallet, you will need to get the extended public key for each one of your hardware devices. This step will walk you through the process to export the mobile key and Casa Recovery Key from the Casa app.

Open the Casa app
Tap the key icon beneath the vault you want to watch
Tap "Recovery Key"
Tap "View Public Keys"
Choose "BTC Account"
Tap the Public Key beginning with "Ypub" to copy the key
Save it locally, or send it to yourself using an encrypted messenger
If applicable, repeat steps 3-7 for the Mobile Key
Tap "Hardware Key" (or "Home Key," "Office Key," or "Safe Key" if you have a 5-key vault)
Tap "View Public Keys"
Choose "BTC Account"
Tap the derivation path to copy it, will look something like m/49/0/0
Repeat steps 9-12 for any remaining hardware keys

Once you've gathered the public key and derivation path, transfer the data to the computer where you're setting up the watch-only wallet. Encrypted messaging services are a great option, or you can physically transfer the data via a USB drive. We do NOT recommend emailing the keys to yourself, since you risk exposing your account’s addresses to eavesdroppers. We also do NOT recommend trying to copy them out manually.

2. Download and verify Electrum

Bitcoiners have been targeted in attacks that use a fake version of Electrum, so we strongly recommend you verify the file's authenticity using GPG signatures. You can download Electrum from their site, and make sure you get the appropriate signature file and the developer's pubkey, too.

Linux:

Open terminal: CTRL-ALT-T
Update software:
```
sudo apt-get update
```
Install GPG:
```
sudo apt-get install gnupg2
```
Open downloads:
```
cd ~/Downloads
```
This location should have the Electrum download, the signature file, and the developers key
Import signing key:
```
gpg --import ThomasV.asc
```

Verify signature:

gpg --verify [electrum-sig-file.asc] [electrum-app-file]

Mac:

Open terminal: CMD-SPACE: Terminal

Install Homebrew:

/usr/bin/ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"

Install GPG:
```
brew install gnupg
```
Open downloads:
```
cd ~/Downloads
```
This location should have the Electrum download, the signature file, and the developer’s key
Import signing key:
```
gpg --import ThomasV.asc
```

Verify signature:

gpg --verify [electrum-sig-file.asc] [electrum-app-file]

Windows:

Install GPG: Download and run installer
Open cmd: WIN: Command Prompt
Open downloads:
```
cd ~/Downloads
```
This location should have the Electrum download, the signature file, and the developer's key
Import signing key:
```
gpg --import ThomasV.asc
```

Verify signature:

gpg --verify [electrum-sig-file.asc] [electrum-app-file]

3. Set up your watch-only wallet

Once you've verified your download, it's time to run Electrum. The wallet setup process mimics the steps you took to set up your Casa account. This time, you'll be completing the process manually.

Open Electrum
Create a new wallet and give it a name
Select "Multi-signature wallet"
Select the appropriate number of cosigners (3 for the 3-key vault, 5 for the 5-key vault, 6 for the 6-key vault)
Select the appropriate number of signatures (2 for the 3-key vault, 3 for the 5-key or 6-key vault)
Click "Next"
Casa Recovery Key - choose "Use a master key" and click "Next"
Paste the Casa Recovery Key's Ypub from the file or encrypted chat and click "Next" (Note: ensure there are no spaces at the end of the key or Electrum will not recognize it)
Mobile key (if applicable) - Choose "Enter cosigner key" and click "Next"
Paste the Mobile key's Ypub from the file or encrypted chat and click "Next"
Hardware keys - Connect your device, choose "Cosign with hardware device," and click "Next"
Select your device, and click "Next"
Select "p2sh-segwit multisig" and enter the derivation path from the file or encrypted chat and click "Next"
Repeat steps 11-13 for any remaining hardware keys
(Optional) Set a password, or leave both fields blank and click "Next"

Electrum will now initialize your account and display your transactions. If you don’t see anything show up after a minute or so, that means something went wrong during the process and Electrum derived the wrong set of addresses, and you should try again.

4. Verify receive addresses

Now that you have your watch-only account active, let's verify your next receive address:

Open the Casa app
Tap the "Security" tab at the bottom of the screen
Select the appropriate account
Tap "deposit" to generate the next address
In Electrum, click the "Receive" tab at the top right of the screen
You should see the "Receiving address" displayed that matches the one in your Casa app
If it doesn't match, and/or the address in Electrum is red, tap "New" in Electrum and check that address instead
If you still do not see your Casa receive address, proceed to the next section to view all available addresses in Electrum

5. View multiple addresses

To avoid confusion, Casa only displays a single unused BTC receive address at a time. If you would like to prepare and verify multiple transactions at the same time, you can view all available receive addresses using Electrum:

Click "View" in the Electrum menu bar
Select "Show Addresses"
Click the Addresses tab
Filter for "Receiving" and "Unused"

For any questions about watch-only wallets, or anything else related to your bitcoin security, please reach out to us here.