This is a valid question. An electron implementation of moneypot has been created for a number of purposes, with the most notable one of them being: heightened security and privacy.
When you load the moneypot wallet in your browser, you assume that
moneypot.com belongs to "us", the "original" moneypot developers. However, through malice, error, or other circumstances, it can happen that either the domain name, or the wallet script is corrupted and or harmful. In that case, your browser will still load the "script": (read: wallet), as long as the checksum is correct, which can cause a loss of funds.
Using the electron wallet, you yourself specify the version of the wallet you'd like to use, and subsequently both the URL and the checksum. An attacker can in no way modify the code in such a way that the checksum is still valid, and thus, as long as the script was originally untempered with, cannot affect you.
An example of such an attack whereby the electron user is protected, and the web user is not is a domain hijacking. The web user will automatically load the new wallet file, whereas the electron user will attempt to load the originally specified script (with the original checksum), or nothing at all.
Additional privacy is attained because of the wallet's harded-coded policy of routing traffic through tor and tor alone. If access to tor is restricted in your country, you might not be able to use the wallet.
There are two ways you can verify the wallet signatures. First, you'll need to import our signing key, which can be found here. 3887 6AFC 1172 E3DF A17A 84BB 2E5F 4A83 BFE8 1B1B
Or, you can also import the key using the fingerprint.
gpg --keyserver hpk://keyserver.ubuntu.com --recv-keys 38876AFC1172E3DFA17A84BB2E5F4A83BFE81B1B
After that, you can either download the accompanying signature and verify that against your respective redistributable, which should check out.
Alternatively, you can calculate the hash of the redistributable yourself, and compare it against our signed hashes, which can be found here.
You might be wondering: how do I know I am loading the real wallet file? We will periodically update the latest version url to appear right below. However, as we have just explained, domain hijackings can happen at random. Therefore, it might be possible that the url linked below is also malicious.
To make sure you're not loading a malicious URL, please either visit our github and download the signature from there, or download it down below.
Make sure to verify the fingerprint matches the one on github. If you're in doubt, contact our support!
The current version URL is as following: (as can be found here on github.)
For which the signature is as following: (which can be found here on github)
As explained, the signature should verify with the key belonging to the fingerprint linked above.