If you have been in this space for many years and if you know this MyEtherWallet issue already – more power to you, please give way to the noobs.
We are no noobs when it comes to the crypto space and we were rather shocked and dismayed when we found out about this issue.
What’s the issue?
We were trying to key in our Private Key to log in to our MyEtherWallet. For some odd reason, apparently, we were keying in the wrong alphabet somewhere! (more on this later) and we were logged into someone else’s wallet!!!
Lucky for that wallet, we believe in karma and the wallet had no funds…but that is not a redeeming aspect of this incident at all. It doesn’t give us any comfort that someone might randomly be able to access MEW wallet because of random error.
Fact that we were able to login to someone else’s wallet by some random mistake is very very concerning. I am assuming there are computers, hackers and people with less moral values who might be trying to guess private keys by keying in variations of a known private key.
Once you get in with a private key on MEW – you literally have no one to stop you from doing whatever you want to with the funds.
Is this issue known?
Yes, it is.
Check this response from the MEW support team. To us, this is outright scary. Pay special attention to the highlighted areas. ____________________________________________________
If your Private Key is suddenly opening a different public address, this is most likely because one or two characters on the private key have accidentally been changed while inputting it.
Please visit www.myetherwallet.com/helpers (check for the ‘Secure’ or ‘Inc’ to the left of the URL to make sure it’s our legitimate site!) and scroll to the very bottom of the page.
Here you will see two fields, one for the Private Key you’ve been using, which now opens to a new address, and one for your old Public Address that you are trying to access again.
Enter these two fields in and cross your fingers! You may luck out and get the correct private key back.
This method doesn’t always work, but I really hope it does for you. If you cannot somehow remember/find your old private key format, there will be no way to access your old address. We do not store that information on our system. The helpers function just serves to scan and match private key/public address pairings that exist on the blockchain itself.
Was there an issue with our private key?
Interestingly, there is no issue with our private key because we were able to login just fine when we used Mycrypto app – we were able to login to our own account with the same private key that was landing on a different wallet on MEW.
Does this issue exist with other wallets?
We don’t know.
If it is just a matter of random chance of guessing numbers of a private key – we assume this vulnerability exists for every wallet with private key authentication.
We are no FUDers. But we are not careless either. We used MEW as example only because we encountered this issue on their platform.
What is the solution?
Problem is, you can always prepare for known deliberate attacks by taking precautions – how do you proof yourself from random guess work?
Even if you have your funds on a hard wallet or whatever form – those methods cannot protect you from someone random guessing of private key combinations?
This is why we need wallets/exchanges with insurance
We foresee an amazing business opportunity for exchanges or paid wallet services that guarantees a hack proof system, unless your wallet gets accessed through your password and 2FA, similar to how a bank insurance works.
When someone withdraws money using your debit card pin – it is usually not covered by insurance. However, if someone hacks the bank itself and steals your money – bank is on the hook. Essentially, this security aspect is why people even keep money in a bank.
Similarly, if your funds get accessed using private keys, and since you do not own private keys on an exchange – exchange insurance should be on the hook. If your funds get accessed through password and 2FA then you will be on the hook.
Crypto exchanges and wallets are not there yet. We do not yet have an insured exchange or wallet that guarantees safety of retail investor funds. But when such a service emerges, even retail investors will not mind paying a monthly insurance fees for such a guarantee driven service, in our opinion.
IMPORTANT: Please subscribe to the browser alert here. No annoying emails, just in-browser reminders!
Cryptotapas only contains most selective-research based articles and it takes a lot of work to put together this information – please show your appreciation by buying us a coffee!
If you are thinking to open KuCoin account, please consider using our referral link.
Logos used in this article are property of the respective organizations and individuals.
IMPORTANT DISCLAIMER: Do your own research before investing. Crypto space is very volatile, don’t invest more than what you can afford to lose. Everything in this article is an opinion, not an advice of any kind.