Eugene Ives

How to Prevent Light Wallet Attacks on MyEtherWallet Express

Recommendations for all MyEtherWallet users and developers
How to Prevent Light Wallet Attacks on MyEtherWallet Express
You may also like:

MEW

You have probably heard bad news from MyEtherWallet. On April 24, official representatives announced that unknown hackers have hijacked several DNS servers, users were redirected to the phishing sites.

Reddit users were the first to draw the attention to the problem-  while accessing the wallet, they were automatically redirected to another site while all their funds were sent to third-party wallets.

One of the commenters wrote: ‘I’ve lost all my ETH funds.’ Within three hours after the hackers’ attack over $152,000 were stolen in ETH equivalent. However, I assume that total losses could be many times more.

How did it happen?

The crooks used an old (but highly effective) method, known as a hijacking of BGP for retargeting DNS servers, in simple words-  phishing. The absence of the MyEtherWallet official certificate was the only mean to recognize the scam. However, looking at the losses very few users paid attention to this.

MEW key

This is not the first time MyEtherWallet encounters the retargeting of DNS servers. Earlier, at the beginning of January, representatives of the project Blue Protocol drew the community attention to the low-security level of MyEtherWallet DNS servers. However, MEW called it ‘a stupid lie.’ Blue Protocol recommends avoiding using MEW, as they are concerned that the issue still exists but developers simply ignore it.

💼 Related Article
Trezor vs. Ledger: 5 Things You Should Know Before You Buy
🔥 Hot
11 months
256
Trezor vs. Ledger: 5 Things You Should Know Before You Buy

What to do now?

As of now, MEW hasn’t confirmed that DNS attack is over and all issues had been resolved. If you have not used MEW on April 24th, accessing your account using the private key or keystore file, all your funds are safe. Just do not access the MEW website until the issue is fixed by MEW team and you get a ‘green light.’

If you have used MEW during these four unfortunate hours- your wallets are compromised. You need to immediately transfer your funds to new wallet addresses and make sure that you’re the only person to have access to your private keys.

The incident with MEW showed us a real example of the issue for the light wallets. Yesterday crypto users have lost over $150,000 while only MEW was under the attack. Just imagine what happens to the crypto market if more wallets suffer from this issue? Time to learn from others’ mistakes. If you use wallets like MEW, you should follow appropriate rules.

My recommendations for all users:

  • Always check the green address on your browser address bar. Ordinary SSL is not enough! Use ONLY those services that have passed the validation and obtained an extended named SSL Certificate, which represents the company’s name. On Guarda’s example, it’s Guardarian OÜ [EE].

  • Does the Web wallet have alternative platforms-  desktop or mobile application? Those platforms are much safer as they’ve got secure internal data storage. That’s why Guarda develops non-custodial mobile wallet applications, like Guarda Ethereum Wallet, Guarda Bitcoin Wallet and etc.

  • It’s much more secure to store large amounts of cryptocurrency on hardware wallets. It should be clearly understood that Web wallets imply managing small amounts of funds, further go desktop and mobile wallets, and hardware wallets -  for the large amount of assets storage.

My recommendations for the wallet developers:

  • Pass the extended validation tests and obtained names SSL Certificates, so that users can check an organization name and domain.

  • Use Cloudflare DNSSEC to sign your records. IP-addresses returned by the fake DNS were not signed up, as they do not have encrypted keys.

  • You can choose for your customers to use the DNS over HTTPS endpoint instead of sending DNS queries over plaintext for increased security and privacy.

  • Support alternative platforms-  local wallets, desktop versions and mobile applications.

As for me, I would recommend using all possible alternatives together. This will minimize risks and the attack surface. I would like to endorse MEW team, hope they will find the solution asap. From my side, I may lend a hand to the MEW team and share the experience how we prevent those attacks on Guarda Wallet.

💼 Related Article
Wearable Cryptocurrency Wallet Comes to Market
🔥 Hot
10 months 3 weeks
256
Wearable Cryptocurrency Wallet Comes to Market

Subscribe to U.Today on Facebook, and get involved in all top daily cryptocurrency news, stories and price predictions!
170 views
👓 Recommended articles
something-wide
something-wide
Andrew Strogoff

Bitstamp Review: Cryptocurrency Exchange For All Types Of Traders

Bitstamp is a very tough player of the crypto exchange industry, offering many features to its clients
Bitstamp Review: Cryptocurrency Exchange For All Types Of Traders
You may also like:

trading platform

Hello, mates. I know that many of you are looking for a trading place where you can buy and sell both cryptos and fiat money. This review is related to Bitstamp cryptocurrency exchange. Here I will cover such points as registration procedure (including personal verification), trading features, conditions (including fees) and some other important aspects.

Before I start describing the main features of this trading platform, I would like to familiarize you with the company itself. Bitstamp is one of the oldest cryptocurrency marketplaces in the world. The company began its activity in 2011 in the UK. However, later they have opened other offices in Luxemburg and New York. Crypto exchange Bitstamp received its license in Luxemburg.

This marketplace is widely known within the cryptocurrency community and I would tell that this is true as you hardly can find a trader who heard nothing about it. Moreover, several famous and popular tabloids like Forbes, Coindesk, Reuters have mentioned Bitstamp in their articles. The company has established cooperation with Ripple, CACEIS and Swissquote.

This crypto exchange trading place offers English only. There are no other language options at all. However, it gathers traders from all over the world.

💼 Related Article
Bitcoin Price Volatility Explained
🔥 Hot
9 months 1 week
256
Bitcoin Price Volatility Explained

How to create an account with Bitstamp

Before you start trading with this exchange, you need to create your account. There are no difficulties to do it, as the form is very easy. You need to fill in your name, email address and accept terms of use and Bitstamp Privacy Policy.

 account with Bitstamp

Above you can find the form that I have already filled in. After pressing on “Register” you will proceed to the second step. You will be sent an email with a confirmation link in order to end account creation procedure.

💼 Related Article
How to Trade Cryptocurrencies
🔥 Hot
9 months 1 week
256
How to Trade Cryptocurrencies

Once you have created your account, you can proceed with its verification. Here I want to make a reservation. I think it is not a secret that there are trading platforms with no obligatory verification procedure, meaning without confirming your identity, you will be able to trade but with some limitations.

Bitstamp requires verification from all service users without any exception. Moreover, you will not be able to proceed to deposit and withdrawal step before you confirm your identity. This requirement is obligatory because the platform has a license.

Now I am going to stop on details of the verification procedure. After you have created your account, you can login and navigate to “Verify account.”

I can say that this procedure is a bit harder than creating an account as you have not only to provide your personal data, but also to provide exchange with your ID documents scans. What kind of personal information is required?

You need to provide Bitstamp with data, indicated in your ID. Additionally, you need to upload the following documents:

  1. ID photo.

  2. Proof of residence document photo (this can be your bank statement, utility bill or taxes certificate, for example).

💼 Related Article
What is Trading and Cryptocurrency Trading, Their Main Features
🔥 Hot
9 months 1 week
256
 What is Trading and Cryptocurrency Trading, Their Main Features

How to deposit and withdraw money

Bitstamp offers the opportunity for all its clients to deposit and withdraw in both fiat currencies and cryptos. You can use, for example, VISA or MasterCard as well as SEPA (European Bank). As for cryptocurrencies, you are allowed to deposit and withdraw with Bitcoin, Litecoin, Ripple, Ethereum and others.

How to place your first order with Bitstamp, order types, trading tools

When you have already created your account and verified it, deposited some amount, you can start trading. Here, I want to make a couple of points for you to pay attention to. Bitstamp offers a high-quality trading platform with several features including professional charts and some other important.

The first thing that I have noticed when I have entered the platform for the first time was the number of currency pairs, which is lower as compared to the most of competitors. The number of pairs is slightly above 10.

order typesNow let’s get down to the trading platform. This is a very important aspect for every trader as charts allow users not only to see the current price but also to analyze it using historical data. Bitstamp offers modern full functional chart with several trading tools.

Take a look at the screenshot. You can see there candlestick chart. In the upper part of the chart, you can choose indicators and different graphic tools. As for indicators, there are many useful algorithms including the most popular Bollinger Bands, ADX, ATR and the others. Graphic tools are represented by different types of lines and other geometric patterns. Here you can find Fibonacci retracement as well.

Before you open any trade you need to choose a trading pair. This option is also available in the upper side of the platform. The next step is to choose the order type. Here I want you to pay attention to the different types of trades that are available with Bitstamp: they are the following:

  1. Instant order. The easiest one that is recommended by the exchange to beginner traders. Here you buy or sell cryptocurrency at the current market price.

  2. Market order. Is it a kind of instant order, but you can buy or sell cryptocurrencies at best prices. This order is suitable for those who have some trading skills already and want to improve their entry points.

  3. Limit order allows traders and investors to choose the price at which they will buy or sell cryptos. This one is suitable for professionals and skilled market players. The main idea of this order is to set a price at a desirable level and wait for the crypto to reach it.

  4. Stop order. This kind of trade allows users to limit their losses in case if the price goes in the opposite direction.

Once you have chosen your pair and order type, you can input the amount you want to sell or to buy and start trading. As far as you can see, there is nothing difficult here.

💼 Related Article
Major Cryptocurrency Market Analysis Methods
🔥 Hot
9 months 1 week
256
Major Cryptocurrency Market Analysis Methods

Bitstamp fees

Almost all cryptocurrency exchanges take their fees not only for trading but also for deposit and withdrawal procedures. Trading fees at Bitstamp are diversified meaning the more you trade, the less you pay. This is a fair approach, I think as exchange earns more when you have higher month trading volumes.

As for deposit and withdrawal fees, they are taken by the company but they do not come directly to the company’s pocket as this money goes to payment systems.

The highest trading commission rate is 0.25 percent. It is taken from all those who’s monthly trading volume is below $20,000.

Security and support service

I have a good news for you. Bitstamp requires two-factor authentication since June 2018. This is a mandatory procedure, which increases the security level of your own trading account. You can use both Google Autenticator or Duo Mobile services.

💼 Related Article
Cryptocurrency Trading Signals, How to Choose and to Use Them
🔥 Hot
8 months
256
Cryptocurrency Trading Signals, How to Choose and to Use Them

Moreover, you can switch on notifications about all the important events that take place in your trading account. Those messages will be transferred directly to your email address. This allows users to get updates on all the important events and take measures in case of any suspicious acts.

As for the support service, some users say that sometimes it takes time to receive any answer from the team. The speed of reaction is slow, but to tell the truth, I think that this is due to the inflow of investors. Bitstamp is one of many exchanges having such problems and I hope they are going to solve them in the future.

Pros and cons

This is my most preferable part of any crypto exchange review. Here I’m going to underline those pros and cons I think the most important of the company. I’m going to start with advantages. Here they are:

  1. Great working experience. Bitstamp operates since 2011. The team does not hide their members, which is a positive aspect as they are trusted by the crypto community.

  2. Bitstamp has its license and operates according to legislation. Users may be sure that their money is safe and they will not be scammed by the administration.

  3. Liquidity. This exchange has high liquidity as there are serious daily trading volumes. This means that the currency pairs are less volatile and you can use all types of orders.

  4. Several payment methods allowed. Bitstamp offers not only cryptocurrencies but also fiat money. You can deposit USD and EUR as well as withdraw them from your trading account. Credit and debit cards such as MasterCard or VISA are also available.

  5. Friendly user interface. I heard no complaints about Bitstamp’s interface from users and I found no negative testimonials about it.

💼 Related Article
NEO Trading Guide For Beginners
🔥 Hot
8 months 1 week
256
NEO Trading Guide For Beginners

And now I’m going to share with you my negative thoughts about the exchange. They are not numerous, but I think it will be interesting for you:

  1. Verification requirements. This is not the big problem, but I think there are those who want to stay anonymous in crypto industry. Bitstamp does not allow to stay in shadow as every user has to do the verification procedure before getting access to trading.

  2. A small number of cryptocurrency pairs. It is true. You will not find any altcoins from above the top 20. However, Bitstamp offers in its turn the possibility to work with hybrid pairs including USD and other fiats. The exchange can be used as your pass into the world of altcoins as you may buy BTC or ETH here and then transfer those cryptos to other exchanges with a wider range of pairs, which do not support fiat money.

  3. Lack of localization. The website is in English only. Other languages are unavailable. I’m far from thinking that the international language is not enough for such a trading platform, but for some traders, it may be a real problem to work with the exchange.

Bitstamp overview

Before making the full stop, I would like to make a brief overview of this crypto exchange. I’m not going to give any recommendations as it is up to you to decide whether to place your investments there or to find some other trading platforms. However, I want you to pay attention to some interesting moments.

Bitstamp operates since 2011 and there were no significant security issues. This is the first thing that I have paid attention to. Bitstamp offers great opportunities for all those traders who want to use technical analysis in their trading routine as there is a large number of indicators and other important tools available.

💼 Related Article
ZCash Price Prediction- How Much Will cost ZEC in 2018?
🔥 Hot
8 months 2 weeks
256
ZCash Price Prediction- How Much Will cost ZEC in 2018?

Join our Telegram channel to get news even faster!
373 views
👓 Recommended articles
something-wide
something-wide