MyCrypto Denounces Support for Private Keys: What Investors Should Do To Prepare And Keep Safe
According to a recent post on MyCrypto’s Medium blog, the company has made the decision to eradicate the use of private keys on their website. While some consumers find this concept to be similar to that of losing security entirely, MyCrypto is actually telling other investors and crypto projects to do the same thing with their accounts.
Consumers will not completely lose their ability to maintain a private key for their wallet, though they will need to the MyCrypto desktop app when it becomes available. Though the alpha version is available for consumers to use, there is a more stable and permanent version that MyCrypto plans to make public in the next few weeks. However, when that release happens, the private keys can exclusively be used with the desktop app and nowhere else.
In a report from EtherscamDB’s scam database, there’s evidence of over $23 million in stolen funds, though there is plenty that may remain unrecorded. Phishing sites that imitate MyCrypto/MyEtherWallet account for over 30% of the loss. It is easy to set a trap for users through a simple email, though phishing can be done in a multitude of ways, depending on the experience of the hacker.
In the original creation of their platform, the two main features that appeals to users was the low overhead to build and the ease of use. Everything indicated that the company would never store the personal keys, passwords, or anything else from the users. However, there were plenty of risks still available on the platform.
There have been many recommendations on the messaging on MyCrypto to migrate away from wallets that do not have safe formats for users. As a reaction to this information, the company has urged users to consider key managers, run their programs both offline or just locally, and to even use physical hardware that is meant for wallets. They even warn consumers before they use their private key, which all seems like ways to put the blame on the user, rather that the lack of security online.
On April 24th, MyEtherWallet was hijacked. This attack caused MyCrypto to realize that they need to make a bigger effort. They put up a guide to help consumers to understand the best ways that they can individually reduce the risk of phishing. Some of the recommendations include verifying the certificate of the website and bookmarking it.
With the new changes on the website, users will have the option soon to download the desktop application, but only in the event that the user wants to login with a passcode. Otherwise, the Desktop application itself will replace the need to input personal details. Throughout the Medium article, MyCrypto heavily pushes the need for users to get involved with the Alpha version of the application until the updated version is available.
In the coming weeks, MyCrypto has voluntarily opted to get a second audit on the system to ensure that they have covered all of the measurements they have planned.