diff --git a/electrum/crypto.py b/electrum/crypto.py
index 40101200e..62f7b9148 100644
--- a/electrum/crypto.py
+++ b/electrum/crypto.py
@@ -229,7 +229,10 @@ def pw_decode(data: str, password: Union[bytes, str, None], *, version: int) ->
     if password is None:
         return data
     plaintext_bytes = pw_decode_bytes(data, password, version=version)
-    plaintext_str = to_string(plaintext_bytes, "utf8")
+    try:
+        plaintext_str = to_string(plaintext_bytes, "utf8")
+    except UnicodeDecodeError as e:
+        raise InvalidPassword() from e
     return plaintext_str
 
 
diff --git a/electrum/tests/test_bitcoin.py b/electrum/tests/test_bitcoin.py
index 1cca2ab33..35d7770c4 100644
--- a/electrum/tests/test_bitcoin.py
+++ b/electrum/tests/test_bitcoin.py
@@ -254,6 +254,11 @@ class Test_bitcoin(ElectrumTestCase):
             enc = crypto.pw_encode(payload, password, version=version)
             with self.assertRaises(InvalidPassword):
                 crypto.pw_decode(enc, wrong_password, version=version)
+        # sometimes the PKCS7 padding gets removed cleanly,
+        # but then UnicodeDecodeError gets raised (internally):
+        enc = 'smJ7j6ccr8LnMOlx98s/ajgikv9s3R1PQuG3GyyIMmo='
+        with self.assertRaises(InvalidPassword):
+            crypto.pw_decode(enc, wrong_password, version=1)
 
     @needs_test_with_all_chacha20_implementations
     def test_chacha20_poly1305_encrypt(self):