Last year, MyEtherWallet was reached by a hack with the ability to redirect their servers to a fake and malicious site (often called phishing sites) in Russia with the main objective to drain the wallets of absolutely unsuspecting victims who were using MEW during the time the hack was running, as mentioned, redirecting any funds that could have been sent during that period of time.
After the hack, a lot of users were terrified and were left pondering the question, “is MyEtherWallet safe?” and whether or not it’s still a safe Ethereum wallet option in 2019.
If this sounds interesting to you, let’s hop into it!
What is MyEtherwallet?
Taylor Manahan and Kosala Hemachandra founded MEW (MyEtherWallet) back in 2015, not long after Ethereum was created.
As the company has grown aggressively, numerous companies partnered with MEW as it continues to grow. Some of the largest ones include big guys like Bity, Kyber Network, Changelly, and Simplex.
NOTE: These latter firms are especially important to bear in mind since they allow users to trade fiat for crypto, ETH for BTC, ETH for ERC-20 tokens, and other such important pairs.
Should You Keep Using MEW?
To fully understand and be able to answer such pressing questions, let’s do a brief recap on how MyEtherWallet works and the best way to move your pieces within the platform to keep everything as safe as possible.
When you create a MEW account, both a public and a private key will be generated, and they will not be stored on the MyEtherWallet website.
The user will have full responsibility to save and to have a back up their keys in an offline safe, and trustworthy place. Users are able to access their accounts and send ETH by using a hardware wallet, such as TREZOR or Ledger Nano S (we’ll provide more info on these ones very soon in this guide), or in a more direct way making use of private keys, Keystore files, or mnemonic phrases.
NOTE: Mnemonics are tools to help remember different aspects or a large amount of information. It can be a rhyme, acronym, song, images, and also as in this example, a phrase to help remember a list of facts in a specific order.
Yes, MEW was hacked. Back on April 24th, 2018 alarms went off.
A scam artist developed a phishing hack which is becoming all too common in our day and age. What happens in these types of hacks is people access what seems to be the official website with no suspicion whatsoever. Little do they know that they are accessing a fake website that may look exactly like the site they were trying to go to. It’s almost impossible to get noticed because the site looks pretty much exactly the same. And this is what happened with the MEW site and many people were robbed of their ETH.
How can this happen? Sadly it is common knowledge that a phishing attack is most prominent with centralized services such as MEW since there is one central website/service it’s easier to target. Once someone goes into the fake website and puts in their personal info, they’re done for. Goodbye personal login info, goodbye security.
Prior to this, a MEW scam had also taken place in December 2017. This was within the mobile realm since users could find a MEW app within the Apple app store that fooled many since it was identical to a real MEW app. Of course, you could hardly tell it was fake as the icons looked pretty much the same.
Eventually, Apple did act and shut the app down but not before already compromising the user’s sensitive information such as logins.
Is MEW at fault for this?
MEW claimed since these types of attacks and hacks, the domain provider carried the weight if this unfortunate and is the domain’s sole responsibility.
Perhaps a simple error, but it broke MyEtherWallet security and facilitated the hacker the opportunity to easily redirect people this fake site and as a consequence, lose their ETH.
There are prime examples of how scammers can fool users and even tech giants like Apple. This particular phishing or fake app got through the entire system, which we may add, is more rigorous than most.
If this helps your perspective, it’s important for us to be aware this was something not under MEW’s control. Although it is true that it was hacked, a big part of this also has to do with Apple’s security and preventive measures against these types of fake apps.
Which is the most secure way to use our MEW Account?
With all the info provided above, how on Earth could I even trust MyetherWallet? If you’re needing a boost of trust and on how secure is MyEtherWallet, you will definitely want to learn more about hardware wallets. We can without a doubt say these are our winners when it comes to security.
A hardware wallet’s role is to be a passkey so it can provide additional security layers such as code salads to make sure your phrases or private keys are not stolen.
The codes appear on the main screen of the actual physical wallet you have, not on the screen of your computer. therefore, an external observer will not be able to come across your keys and other information that helps you access your MEW account.
There are always precautions to take though. While in general hardware wallets are much safer, there’s always a threat for hackers to be around.
Let’s say that for whatever reason you’re redirected to a phishing site. If you’re there trying to make a transaction with your hardware wallet, are you completely covered? We’re not going to lie, you’re never 100% safe but you would still be safer than if you didn’t have it.
The worst-case scenario we’ve witnessed would be that you actually do make an easy transfer to the hacker’s wallet, but on the upside, they won’t have access to all your information.
Sure, we know this is not something to be happy about, but it’s way better than being stolen off your whole balance, or at least, a big transaction.
We can recommend two options when it comes to hardware wallets such as the TREZOR or the Ledger Nano S. As we previously mentioned that both can be used with MyEtherWallet.
Both platforms are solid, trustworthy, and at this point, no big failures are reported. They let us handle and store Ethereum and many other coins such as Bitcoin, DASH, Bitcoin Cash, ERC20s, and more.
Accessing your wallet with a private key, Keystore file, or mnemonic phrase might place you in a vulnerable spot for these kinds of hacks or attacks. Therefore, if for some reason you land on a phishing site, this could not be your fault, but you will unknowingly deliver full control of your account to hackers.
Is MyEtherWallet Trustworthy?
MEW has made efforts trying to keep MyEtherwallet as safe as possible, after a call-to-action by affected users. One of the most well-know strides towards this is the creation of MEWconnect
What is MEWconnect?
MEWconnect is a mobile app for MyEtherWallet. It is often seen as a hardware wallet but actually, there’s no hardware in this game. It is available for all Android and iOS smartphones.
However, since we mentioned that MEW’s safety con noticeably increases by using a separate hardware wallet, you can use these instead of MEWconnect.
Whichever you choose, we guarantee that MyEtherWallet is dedicated to making every customer’s experience undoubtedly safe.
Steps to Make MyEtherWallet Safe
Follow these steps to understand how to navigate within MyEtherWallet in a secure way. Don’t expose yourself to danger, we invite you to take these safety precautions:
- The best option is to avoid any “get free ETH” ads. Steer clear of any giveaways period! Tempting and harmless as it may seem, certainly, this is often not true. Be mindful, there are no shortcuts. Instead opt for hard work, dedication, and more.
- Do not put in your login info until you’ve double-checked the URL. If something seems off, check it again and compare. Just one character or letter can make all the difference. Ignoring this could have a steep price.
- Emails from MEW or other organizations. Again double-check, in this case, the sender’s email. If you get a “suspicious vibe,” or requesting too much personal information, don’t reply and send it to spam. Also, don’t click on any links. Be very careful.
- Mining scams. There are lots of scams targeting MEW ERC20 wallets and coins. Be careful, if it sounds too good, do your research and find reviews and other people’s experiences. Don’t fall into the trap of “guaranteed mining results.” GPU mining can be very profitable if done correctly.
- Downloading MEW apps. First off, go to the official website and confirm they have official apps. After all, the most secure way to navigate will always be to hitting the links within the official websites.
So when it comes to the question: “Is MyEtherWallet Safe?” our answer is:
Yes, MEW is safe. Nonetheless, you should always keep in mind that the crypto worlds could still be dangerous. It’s a must you act in a responsible way. Now, if you do take and follow our advice in this guide, you can consider MyEtherWallet safe, as it is one of the safest wallets out there.
MyEtherWallet is a safe option to use and its popularity will continue to rise when it comes to ETH management platforms, but it’s extremely important for users to understand that entering private keys or passwords into any centralized website, involve risks. That’s why we went over several steps to help you do things in the most secure way possible.
We hope you have learned a lot, or at least enough to decide if MyEtherWallet is the best option for you and your ETH management.
Let us know your thoughts in the comments!
Jesus Cedeño is a certified doctor turned cryptocurrency expert, writer, and investor who lives in New York City. Jesús specializes in cryptocurrency product reviews, tutorials & technical analysis. Follow him on LinkedIn to stay up to date on his latest work on blockchain, decentralization and crypto investments.