Categories
Crypto News

MyEtherWallet Launched MEW Connect Beta Version for iOS

MyEtherWallet, the most commonly used Ethereum (ETH) wallet, released a beta version of its MEW Connect application for iOS smartphones to increase the security of its customers when logging in. The new app, called MEW Connect, works similarly to a crypto portfolio but eliminates the need for MyEtherWallet (MEW) users to enter their private key to access their holdings.

To do this, the software is designed to function as a cold wallet, which stores the private keys of users and connects to MEW central servers through the reading of a QR code.

The MEW Connect proposal consists of offering MyEtherWallet users with a service to store their keys, in a similar way to the one that cold wallets such as Ledger and Trezor use. However, MEW Connect is free of charge, while the before-mentioned cold wallet solutions cost more than $100.

MEW Connect requires users to create a password for the application and then create an Ethereum (ETH) wallet and copy their private keys. Subsequently, it will be possible to connect MEW Connect to MyEtherWallet by reading the QR code to carry out transactions, which will have to be verified on the mobile device.

MEW Connect by MyEtherWallet launched as a Beta version for iOS

The application is already available for testing on devices running the iOS operating system and is expected to be available soon for Android. As the source codes for both applications will be released, developers hope to receive extensive reports and comments on the flaws and vulnerabilities that MEW Connect may present.

“I hope that users of the beta version are developers who can use our code. I really believe in open source, and we are not planning to hide anything,” stated Kosala Hemachandra, the founder of MyEtherWallet.

To ensure meaningful feedback, MyEtherWallet is implementing a reward program for bugs finding in cooperation with the HackerOne organization which is made up of white hat hackers and security researchers. However, interested independent programmers may also agree to test the application on their own.

In February of this year, the MyEtherWallet team suddenly split when its co-founder, Taylor Monahan, decided to undertake a separate project he called MyCrypto. That is an Ethereum (ETH) client, similar to MEW, but with variations on its roadmap that Monahan considered vitally important.

Categories
Crypto News

MyEtherWallet Hacked Via The Hola VPN Chrome Extension

MyEtherWallet, one of the most popular Ethereum (ETH) wallets, alerted its users that, in case they’ve used the Hola VPN service that works as a Chrome extension to access their portfolio, their funds may be compromised.

The MyEtherWallet (MEW) development team asked their users to transfer the funds stored in their wallet if they had used the Hola VPN service within the last 24 hours. That although their platform was not compromised, but they assume that the attackers still have access via the before-mentioned VPN. According to them, Chrome’s extension may have been the victim of malware for five hours in an attack aimed at logging wallet activity to steal funds.

The vulnerability exploited by the attackers occurred hours after the last update of Hola VPN, released yesterday, and according to MyEtherWallet, the attack was registered from a Russian IP address.

Some Reddit users complained their wallets were hacked even though they had not used Hola VPN

The developers also reminded their users that MEW “does not have any personal data, including passwords,” so their users can be sure that hackers will not get any information if they did not use the VPN. However, the extent of the attack is unknown at this time, and some Reddit users claim to have been hacked without using Hola VPN.

It is important to note that this is the second attack MyEtherWalletexperience in 2018, after the incident on May 24th, when the devs presumed that during the hours of the attack hackers had the opportunity to manipulate the Ethereum (ETH) wallets. According to official statements, MEW suffered the hijacking of some DNS servers that were redirected for hours to a phishing site.

In October 2017, it was the first time when MEW was the subject of a phishing operation in which more than $15 million in Ethereum (ETH) got stolen. However, the attacks MyEtherWallet has suffered in recent months have not been directly linked to vulnerabilities in the wallet code but to its associated services and phishing.

Exit mobile version