Is MyEtherWallet Secure?
MyEtherWallet (MEW) is a free and open-source interface for Ethereum and ERC20 tokens that allows users to interact directly with the Ethereum blockchain using just their web browsers. It is among the most popular sites for creating and managing Ethereum wallets, but is it safe?
Recently, MyEtherWallet was hit with an attack that redirected some of its servers to a malicious phishing site in Russia, draining the wallets of unsuspecting victims who used MEW during the hours of the hack. This left many users questioning the safety of MyEtherWallet and whether they should continue to use it in the future.
So, should you continue to use MEW?
To answer this, we will first explain how MyEtherWallet operates. Creating a MEW account will generate a public key and a private key, neither of which is ever stored on the MyEtherWallet site. It is the sole responsibility of the user to back up their keys in a safe and reliable place (offline). The user can then access and send their ETH through hardware wallets (TREZOR, Ledger Nano S) or directly with private keys, mnemonic phrases, or keystore files.
Through an exploit in Amazon’s “Route 53” hosting system, the hackers were able to intercept DNS requests for myetherwallet.com to make their own server appear to be the rightful owner of the address. From there, they were able to redirect traffic to their own “MyEtherWallet” clone site, where victims handed over their private keys and seed phrases thinking that they were on the real MEW site. Fortunately, MyEtherWallet identified the hijacked servers and quickly rectified the issue, and only a few thousand dollars’ worth of ETH was stolen.
Accessing your wallet with a private key, keystore file, or mnemonic phrase leaves you vulnerable to these kinds of attacks. If you happen to land on a phishing site through no fault of your own, you will unknowingly deliver full control of your account to the hijackers.
The most secure way to access your MEW account, by far, is with a hardware wallet. Hardware wallets act as a master key, and feature added layers of security such as code scramblers to ensure that your private keys and phrases are never stolen from you. The codes are shown on the screen of the hardware wallet, rather than on the screen of your computer, so an onlooker will never be able to decipher your combinations. If you were to access a malicious site using a hardware wallet, the worst that a hijacker could do is redirect an outgoing transaction to his own wallet. This would be unfortunate, yes, but it’s a lot better than having your entire balance drained.
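The redirected-transaction risk described above can be caught before you approve on the device: decode the unsigned transaction the site asks the wallet to sign and compare its recipient with the address you meant to pay. The following Python is an added example, not code from MyEtherWallet or either wallet vendor; it assumes a legacy EIP-155 transaction, and SAMPLE_TX, INTENDED_TO and the function names are constructed for illustration.

```python
# Constructed sample: unsigned EIP-155 legacy transaction (nonce 9, 20 gwei,
# gas 21000, 1 ETH to 0x3535...35, empty data, chain id 1).
SAMPLE_TX = ("ec098504a817c80082520894" + "35" * 20
             + "880de0b6b3a764000080018080")
INTENDED_TO = "0x" + "35" * 20  # hypothetical address the user means to pay

def rlp_decode(data):
    """Decode one RLP item; return (item, remaining_bytes)."""
    if not data:
        raise ValueError("empty RLP input")
    prefix = data[0]
    if prefix < 0x80:                      # a single byte encodes itself
        return data[:1], data[1:]
    is_list = prefix >= 0xC0
    size = prefix - (0xC0 if is_list else 0x80)
    start = 1
    if size > 55:                          # long form: length follows prefix
        start += size - 55
        size = int.from_bytes(data[1:start], "big")
    if start + size > len(data):
        raise ValueError("truncated RLP input")
    body, rest = data[start:start + size], data[start + size:]
    if not is_list:
        return body, rest
    items = []
    while body:                            # a list body is a run of items
        item, body = rlp_decode(body)
        items.append(item)
    return items, rest

def check_recipient(tx_hex, intended_to):
    """Report where an unsigned transaction really sends funds."""
    strip = lambda h: h[2:] if h.lower().startswith("0x") else h
    fields, rest = rlp_decode(bytes.fromhex(strip(tx_hex)))
    if rest or not isinstance(fields, list) or len(fields) != 9 \
            or any(isinstance(f, list) for f in fields):
        raise ValueError("not an unsigned EIP-155 legacy transaction")
    # Field order: nonce, gasPrice, gasLimit, to, value, data, chainId, 0, 0
    to, value, data, chain_id = fields[3], fields[4], fields[5], fields[6]
    return {
        "to": "0x" + to.hex(),
        "value_wei": int.from_bytes(value, "big"),
        "chain_id": int.from_bytes(chain_id, "big"),
        # With calldata (e.g. an ERC20 transfer) the real payee is inside
        # the data field, so matching `to` alone is not sufficient.
        "has_calldata": bool(data),
        "recipient_ok": to.hex() == strip(intended_to).lower(),
    }
```

The address shown on the hardware wallet's own screen should match the `to` value this reports; if `recipient_ok` is false, the transaction pays someone other than the intended address.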
Two hardware wallets that we highly recommend are the TREZOR and Ledger Nano S. They are robust and reliable hardware wallets that have not failed us yet. They allow for easy management and storage of Ethereum and many other coins including Bitcoin, Bitcoin Cash, DASH, ZCASH and more (yes, you can store your ERC20s on them too!).
In short, MyEtherWallet is still safe to use and will remain one of the most popular ETH management platforms, but it’s important for users to understand the risks of inputting their private keys or passwords into any centralized website. Hackers are getting craftier every day, and there is always the possibility that they will learn to exploit even the most trusted sites such as MyEtherWallet. To have peace of mind that your keys will remain safe, buy yourself a hardware wallet and ditch the keystore files.