But how did he manage to know the balance? I thought that the seeds and private keys are encrypted using AES-256-CBC, and therefore if you only have the file and without a password, you will not be able to know your balance.
The same way block explorers check for balance, just from the addresses or master public key.
Users do not need to paste their seed or private key to check their balance.
Electrum's wallet file is just a long .json human-readable data containing the addresses, transaction history, seed, master keys, some settings and other data.
If the user didn't encrypt the wallet file but set a password as seen here:
https://i.imgur.com/pklZTkS.png
All those data are still accessible by Electrum and still human-readable except the seed and master private key.
Electrum will only ask for the password when access to the encrypted data (the master private key or seed) is required.
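As an added example (not part of the original posts and not Electrum's own code), this sketch audits a wallet file to show what stays readable when a password is set but the file itself is not encrypted. The field names (`keystore`, `xpub`, `xprv`, `seed`, `addresses`, `receiving`, `change`) are an assumed layout, and all sample values are constructed placeholders.

```python
import json

# Assumed field names for the secrets held in the wallet's keystore section.
SECRET_FIELDS = ("seed", "xprv")

def looks_plaintext(field, value):
    """Heuristic: a mnemonic contains spaces; an extended private key reads '?prv...'."""
    if field == "seed":
        return " " in value.strip()
    return value[1:4] == "prv"

def audit_wallet(raw):
    """Report which parts of a wallet file can be read without the password."""
    try:
        data = json.loads(raw)
    except ValueError:
        data = None
    if not isinstance(data, dict):
        # Not a JSON object: the whole file is encrypted (or damaged).
        return {"file_encrypted": True, "readable": [], "protected": []}
    keystore = data.get("keystore", {})
    addresses = data.get("addresses", {})
    readable, protected = [], []
    if addresses.get("receiving") or addresses.get("change"):
        readable.append("addresses")   # enough to look up the balance
    if keystore.get("xpub"):
        readable.append("xpub")        # derives every address in the wallet
    for field in SECRET_FIELDS:
        value = keystore.get(field)
        if value:
            (readable if looks_plaintext(field, value) else protected).append(field)
    return {"file_encrypted": False, "readable": readable, "protected": protected}

# Constructed sample: password set, file itself left unencrypted.
PASSWORD_ONLY = json.dumps({
    "addresses": {"receiving": ["ADDR-CONSTRUCTED-1"], "change": []},
    "keystore": {"xpub": "xpub-CONSTRUCTED",
                 "xprv": "Q09OU1RSVUNURUQteHBydg==",
                 "seed": "Q09OU1RSVUNURUQtc2VlZA=="},
})
# Constructed sample: no password at all, secrets stored in the clear.
NO_PASSWORD = json.dumps({
    "addresses": {"receiving": ["ADDR-CONSTRUCTED-1"], "change": []},
    "keystore": {"xpub": "xpub-CONSTRUCTED", "xprv": "xprv-CONSTRUCTED",
                 "seed": "constructed sample words only"},
})
# Constructed sample: opaque blob standing in for a fully encrypted file.
FILE_ENCRYPTED = "Q09OU1RSVUNURUQtZW5jcnlwdGVkLWZpbGU="

if __name__ == "__main__":
    for name, raw in [("password only", PASSWORD_ONLY),
                      ("no password", NO_PASSWORD),
                      ("file encrypted", FILE_ENCRYPTED)]:
        print(name, audit_wallet(raw))
```

If `readable` is non-empty, anyone holding a copy of the file can see the addresses and balance; only turning on encryption of the wallet file itself hides them.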
When making a bitcoin transfer, Electrum still requires a password to sign. So I really need help.