Bitcoin Forum

From some days, my myetherwallet accounts going hacked and i feel, they have to apply any special security feature like google authentication so that only the authentication key holder can access his account because nowadays many slack mails coming and asking for re-validation of eth wallet and get people private key. If any special security feature like google authentication taken for every transaction on wallet, it will not possible for any hacker to get your key or make any transaction from your account.

Yes I agree with your concern my 2-3 friends etherwallet Ac got hacked. I think they should work on their Wallet & add some security feature. I am also afraid to use etherwallet most of the time if they add some authentication feature it will be have more worth.

I don't understand, how exactly did your MEW wallets get hacked? This is a reason om major concern!

most hackers use brute force. you only have to set a 50 character long password with capital letters, numbers and symbols. and hide your private key

Yes i full agree myEtherwallet security is very poor and hack many accounts. u safe ur key and not open myetherwallet account in google. u can use private window to open wallet account. not open slack email related Etherwallet this is 90% chance of hackers.

its very safe, you just need to use it wisely
put it on air gapped computer and make offline transactions
thats it....

There are only few people  affected with this. they hacked via slack they recieve a message  from the slack channel  and believe that its true they click the   phising link  given  almost the same  with myether but change one letters or number then suddenly all those noobs  enter their private key without checking the URL , thats why they get hacked .

Exactly, you can used it to make new wallets offline and store your all your pertinent details like private key and password to a safe location. Lucky for me I haven't been hacked or something because I'm very careful. And bookmark the site as well because if you just type it in your browser maybe one or two letters will cause you to go to a phishing site that will took all your ETH and tokens. Again, its our responsibility to protect our wallet, a lot of hackers have been prying on cryptocurrency now because their is big money involved. Be safe everyone.

Best defence from being hacked is your brain. Never input your private key of keystone file + password if you are not at MEW official site. But I agree about overall security drawback... I wonder why does MEW not make 2 factor autentification scheme to get access to your wallet through keystone file for example?!

Many people use myetherwallet because of the advantages they have, all the wallets have deficiencies and advantages included in security

If myetherwallet uses a two-tier verification system using a phone number it greatly minimizes the system vulnerabilityJif all transactions that will be done If using incoming code via message may be safe

Yes the best way to secure our wallet from hackers is to have the protocol to validate the real users or owner of that account or password authentication in short so it will be difficult to the attacker to hack some other account and avoid losing our credentials. :)

I think it should be added with more complete security features again because I think it is true myetherwallet quite vulnerable to hackers who could have broken the ETH coin that we have I think for the owner myetherwallet must seek accurate inpormasi for security obtained is not vulnerable by hackers if just mengandalka existing features alone I think it will not be a guarantee of the coin that we save. other than that of course the myetherwallet site developers must also be more respect for the unrest perceived by myetherwallet users.

All the hacks that I am aware about were because of the fake url links that were bombarded at different slack channels. If there is any other way that Myetherwallet got hacked I would like to know about it.

Check the URL as you enter the myetherwallet, it will needs you, there is a lot of fake mews.

Hey! Listen! MyEtherWallet is prepared for the Byzantium fork. You do NOT need to do anything.
Anyone who DMs you with some announcement on Slack is trying to steal your ETH!

My ETH hack too !!

My advice to login with MyEtherWallet Chrome Extension
like waveswallet has done !!

Check the URL as you enter the myetherwallet,theres lots af duplicate sites to steal your login credentials

Myetherwallet hasn't been hack.

Firstly because it's just an interface, there is no storage or website...
Secondly because if you've been hack, it's not because of myetherwallet, but always a human issue.

If your password has been hacked it's not because of myetherwallet, they don't store it. It's because of your pasword's weakness.
When you store thousands of euros, it might be usefull to find a strong password, not a 8 digit password... Except if you don't care loosing your money...

The other way to be hacked, is cliking on a false link. Some people send you to false myetherwallet link like my-etherwallet.com or other stuff.
Don't clik on it... Or it will send your password when you type it, to the hacker...


Good luck and sorry for your loss

Well said. I think users need to be aware that MEW can be brilliant in its simplicity, but only when used in a safe way - which is the obligation of the user, not MEW.

It's your own responsibility to not click links or get your computer infected.
MEW is fine as long as you use it wisely.

 I've been seeing to many MEW users are being hacked. May I ask what you usual activity why some are getting hacked? Because for me the security is good.

* I make sure that when I join campaign, public key is what I give not my private key
* I don't click scambots from slacks or any links that will require to access my MEW account
* I make sure my PC and Smartphone are the only devices I use to access my MEW

Are these measures can still be hacked? I mean, anything that will add more to secure my MEW? There are lot of options to open MEW but for now, only private key is what I use.

Although, I have not been a victim of hack but at the same time it shows that there is room for improvement on their part to have necessitated such rampant hacking. My etherwallet is one that have been the home of all ETH wallets we have around and to me, its just like Electrum in the case of bitcoin and if they can no longer live to the expectation of people who entrusted funds in their care, then they don't have right to be in the crypto business. Also, there is a need for individuals to be more careful in links clicked for verification and the likes.

Maybe you are already doing this, but bookmark MEW. So you can be sure you have followed the correct url.

Exactly! MyEtherWallet has never been hacked.

I think many people are still confused about what MyEtherWallet is. MyEtherWallet is NOT a web wallet. They do not store your funds. They do not collect or transmit your sensitive information (like your password or private key). You do not have an account with them. MEW simply gives you a way to interact with the ethereum blockchain via their UI. The ONLY thing they send is your ETH address in order to get the balance and when you generate a TX, they broadcast the signed transaction to the blockchain. That's all.

'Hacks' usually happens due to the user accessing a fake MyEtherWallet site. Aka phishing.

Maybe in the frontend, we can see that it's less secure because it doesn't have any 2-factor authentication or so. I think, Private Key is enough to make our wallet secure but one question that gets into my mind is that what if you forgot to close your wallet (browser) and somebody uses your computer? Of course he can see your private key, right? So i think, all we have to do is for us to be vigilant at all times. When using myetherwallet.com, always look for the MYETHERWALLET LLC (US) certificate to make sure you're in the legit website and not the phishing site.

never had problems with mew, but I can see how easy it is for hackers to steal private keys, etc. People don't get educated enough. What was that ICO that was doing a sale through emails? And then the hacker simply just changed the action button of "invest now" from the email template, redirect it to his wallet and done, people fell for it. Simple as that.

Yes, they can!
Using an unencrypted private key is generally a bad thing. I can think of several other scenario that a MEW user can lose his funds that wasn't phishing.
Keyloggers, malware, leaving your private key in a physical location for someone to find, remote access to your computer via software like TeamViewer, interception of the key when it was copy/pasted, etc.
The keystore file is a slightly safer option whereby it is the private key that is encrypted with a strong password of your choosing (the password that you entered when you generate your wallet). Hence, even if you lose your keystore file, there is still a hope that the attacker will not be able to crack the file and access your wallet.

With so many new participants in the crypto world, hackers and phishers are taking advantage of this. Fake links, leading to fake urls, where privat keys are then stolen. Always check the url, always.

we must be more careful of whatever is at risk. I also hope that the future of myetherwalet can be more secure, as input when we will login must be singkron with no personal cellular.

While that features are still on our minds, due diligence is what we really have to do. Only access your MEW with your address. If when going to the site and the address option don't show, then you are entering a phishing site. That's how smart hackers are so we have to.be smarter than them.

Who is there to blame, myetherwallet or peoples mistakes?
Users have to be careful when they are clicking on links and should always double check every link where money is involved and there will be no problems with hacked accounts and stolen funds.

Yes to many link phising of MyEtherWallet now,  everyday i got that link phising via slack . I agree, MyEtherWallet account need more security like need to add fitur google authenticator like all exchange, to be more secure. To protect MyEtherWallet from link phising make sure login from bookmark link. Never click link of MyEtherWallet except from bookmark link is very important to keep MEW account  from hacker.

best is to use new myetherwallet for each ico or airdrops..and dont keep all funds in one wallet

I total agree with you. I think Devs have to apply some new security to protect personal etherwallet. Before that, Users must be careful with their activities. Don't click any strange links.  :-\

I have been using myetherwallet for months, and i never had an issue with them, it is one of the most secure wallets that i have used since i started to use cryptocurrencies, and their security meassures are so good mate, you can unblock your wallet via your json, private key, password and a lot of more stuff, i dont understand how you could be hacked, it is almost impossible because you have a lot of tools to grow your security in there.

Myetherwallet security is not that weak. the problem is that many of these black hat hackers looks for loopholes alot. some of them spend months studying ways and how to steal coin from peoples wallet however most of accounts being successfully hacked are caused by users. e.g account with passwords that have dictionary meanings. also it has been confirmed that some hacker usually have remote access to your computer when you install cracked antivirus which allow them to steal your private keys

Tools like MEW are created to make our life easier, not to make us knowledgeable enough to use wisely. If you can easily get hacked in the way most people use it, that simply means they need to change their security feature or people will leave. Of course, it's my responsibility to keep my money safe. However, it's their responsibility to make it easy to use their service safely if they want more people like it.

Lol you dumb it is impossible for anyone to hack you myetherwallet unless he knows your password and has tge utc file. Both are impossible to get as utc file is normally stored on your desktop unless your desktop is compromised getting the password is also hard.
You might have lost it because of the phishing that have veen occuring lately you should always check the site and vetter to bookmark the site to avoid future incidents like this.

They should invest more on security testing, penetration testing, vulnerability testing by making agreement with white hat hackers. I'm following many hackhathons on mew and most of the times hackers are succeeding to steal the money, it is really concerning.

don't save your public key on email :(
maybe

yes,, we must be able to making sure and read,,what we click is true?but its better to retype myetherwallet correctly.. because admin or developer myetherwallet never send a message to each user. i also prefer using file keystore,even though its a bit complicated.or you can bookmark and check many times to ensure the real intended site.i hope the future there is improvement to be more secure.

" MyEtherWallet.com does not hold your keys for you. We cannot access accounts, recover keys, reset passwords, nor reverse transactions. Protect your keys & always check that you are on correct URL. You are responsible for your security."

> dont give you private key to others

>  bookmark the mew site

> dont login the mew using others url /links

> dont save your public and private key in same notepad or doc

> most of them mistake add there private key for the bounty and hacked


follow that methods you can save

why can you be sure that your myetherwallet account will be hacked by hackers? it all depends on yourself, you may be exposed to phishing, or your computer is attacked by hackers because you are downloading some software that is not important.

yes yes what you answer, that you should bookmark the official website of MEW, all the security depends on the responsibility of those using MEW.

buy a ledger nano s and never think about security anymore.

In my opinion, I think two factor authenticator would be essential on myetherwalet, however, I wouldn't say that their security  is poor since I have used it and still using it but haven't encounter any difficulties.

They give you several options to back up your wallet: private keys, Json file etc. I don't think someone will easily hack your account unless your provide them with your private keys, remember that private keys are meant to be private and are very difficult to crack, and even if you do crack it but it will take you months until you get it right.

Its not really necessary at all because it is actually MEW holders responsibility regarding on the security of his own wallet. MEW is indeed secured as long you do know how to avoid those phishing links and possible compromising or disclosing your keys.As long you are aware on those things your MEW is really secure.

yes, some times you have to check the official site url of MyEtherWallet to prevent bad things called phishing. should always check url MEW, must and it should be noticed.

There are so many reasons behind this question. first one is if any website is not using multi security function then it means that website is not much safe. Myetherwallet is not secure because it is not using google authentication which cannot be cracked by hackers at any cost. Myetherwallet also must start to mobile security. slack is also big supporter to hacker. If any one want to secure their coin then please don't open slack mails in your mail id and not reply to them and just delete them, this is the main reason to hack the Myetherwallet.

Yea, its posible to brute force a private key but, it would takes thousands of years or hundreds of years just to get one eth private key mate. I will make it short it's nearly imposible to crack a single private key.

To maintain the safety of our accounts and make it should be started by users itself not only by a wallet services . I wonder how a certain hacker gets these people's credentials for their myethereumwallet accounts, being a noob should not be considered as an excuse to set aside your common sense and your observation .

With just commonsense you would eventually avoid on being hacked on your myetherwallet which i agree that being a noob is not really an excuse as long you do know your responsibility on hiding your private keys then theres nothing to worry when it comes on hacking incident.Just to read up above it is right that even cracking a single private key would really takes year for sure and you would need to have a super computer on cracking those hashes.

thats why they always remind users to double checked the site url and if possible bookmarked the website to make sure that we are using the right one,
its our obligations to take care of our wallets private key or security key never ever entrust the information to anyone and never store it from some place
which hackers can see it.

I agree with the majority of posts. security depends mostly on the users. But this wallet should also elevate its security, since such cases might affect its overall credibility

It seems like they didn't put enough focus on security side. first of all it is a web application, that literally means that is open and vulnerable. so they should more than their best to make sure it is safer.

The basic requirement for every bitcoin user is the security of his wallet. Hackers are never missing and who knows what may happen if you are not protected. You have to think about it because it's a big problem.

Even if you keep the private key securely, the risk is still there. Do you remember what happened to Instawallet in 2013? For noobs, Instawallet was an online Bitcoin wallet, and it closed down after it was found that google search revealed the private keys to the wallet.

Myetherwallet is secure. It is up to you how you use it wisely. Better use JSON FILE if you want  to  login in your account so your private key would not exposed. Anyway 2fa is also good additional layer of security for myetherwallet.

secure password and private key is good.
hackers can not penetrate your wallet without the private key. to ensure your safety, please protect your computer, ensure no malicious code and viruses. Private key stored carefully

Am I the only one who partly agrees with this. I mean there's always room for improvements, but there'll always be supersmart people which will find exploits and try to profit from them. Like others already mentioned you should use it wisely and be careful what you do on the internetz. Clicking on 1 single scam link can't empty all of your wallets in seconds. It's all up to you, but please don't blame the team behind the wallet afterwards.

This is a stupid and unfounded comparison. Obviously, you have no idea how MyEtherWallet works and you didn't do any research before posting.
At least bother to read a couple pages of the thread before posting in it. If you are posting just to boost your post count, don't post. If you have no idea what the thread is about, don't post.
It's sad to see high ranking member posts such nonsense.

I suggest checking the MEW address and always keeping the private key or jason file. some fishing cases become a real threat.
bookmark address mew, i'm satisfied using MEW.

The ether wallet is not secure because you not care about it. Do you see MEW's warning to its users?

"MyEtherWallet.com does not hold your keys for you. We can not access accounts, recover keys, reset passwords, or reverse transactions." Protect your keys & always check that you are on the correct URL.

That's why you care about it and if you do not do it it's likely that you've hit a phishing site.

Many people complaining of their myetherwallet account compromised and i also got some slack mails to get my data in the name of re-validation of myethwrwallet data but i immediately remove that mail as it was a spam in my opinion. Don't open any mail which ask for your re-validation of any account .

hi,

myetherwallet don't hold or store private keys in the website! if your wallet get hacked:

1- your pc/mac is hacked and haker have acces or remote controle to your pc!

2- you went to a phising website.

I don't think it is unsecure, if you click any other my ether wallet links and use it, you can't blame my ether wallet for it. But google authentication would be good.

Valuable information here.
Thank you for sharing.
Security is very important therefore wallets should be used wisely.

MEW says Private Key (Unencrypted). How to encrypt the private key?

But why? Problem is not in myetherwallet, problem are users who don't look what sites they are opening.
If they implement 2FA, and you click on phishing site with your private key, how is 2FA going to help you? It won't. Myether wallet is not the only wallet and private keys can be imported everywhere.

Yeah i agreed with you , i used MEW for longtime , maybe 5-6 month , but i never clicked not valid link on email.
Because some email will ask our password on other information.
Its depends on you , dont click any email from not trusted sender and check the valid information from your clicked site.
Because too much scam site send to email , If u want more secure , i suggest u to use Trezor or Ledger Wallet (Paid Application).

Does anyone have a suggestion for a wallet that is good for erc20 tokens that are less well known? So good thing about myetherwallet is you can include token codes (so for ICO's etc) that are less well known and use the wallet to receive these tokens.

Other wallets are more user friendly and may be more secure (like exodus is user friendly for example), but all the extra 'new' or less well known tokens are not 'viewable' through these wallets.

Like your key has full power to store it. if you are careless then it is your fault.
save your private key safely make sure the link you write is correct.

I hope this helps

hackers ready to hack bit coin wallets because in the wallets millions of money investing every day so for that most of the people afraid about this site. if developers who are developing to this wallet that persons try to add some security features in the wallet. like otp, sms alert and message and mail like that given good features then no need to feel afraid.

You just need to ignore any emails that is telling you to update your account or change your password. It's very simple and I don't get why people always blame mew when they got hacked and all their tokens are stolen even if it is their fault in the first place because of their stupidity and carelessness.

I agreed , well there are many stories about people got hack, because they accidentally copy & paste there private key, but if there will be authentication like you said. I would be a big help for us whose using MEW. Now a day hacker will do everything to get your private key so we should be aware of.
Always check the links , 5x check before entering your private key .

It is built for scams, that is the main reason, no 2 factors for email setup or phone verification. trusting this myetherwallet and keeping funds in them is wrong alias.
They are making money, but they don't know how to secure people money means they are worse in nature. I suggest you to never keep funds in them.

coinomi is a multi wallet that also supports some erc20 tokens and also theres an option that you can add your own token just like on myetherwallet. i think coinomi is much safer when compared to mew because it has a downloadable client like for example in android o.s though i dont know if coinomi supports other platform like ios and windows, linux, mac but overall coinomi is by far the best multi wallet next to myetherwallet. hands down.

Why you saying like this,in my knowledge MEW is one of the best wallets and it is fully secured because we need private key to access the wallets,If your wallets gets hacked then it maybe your faults never store your private key on the online drive or in computer,because there is possibilty to hack your private key if it is stored in online source.
If you still not contented with MEW wallet then better go and buy a hardware it is most secure wallets for crypto currencies.

Yes I agree with that one of my friend he is processing for his etherwallet get hacked because of the virus and poor security of account. Should avail ourself of an app-based verification option such as Google Authenticator that can protect etherwallet account.