July 15, 2026

Capitalizations Index – B ∞/21M

Private Keys + Websites = 💀 – MyCrypto – Medium

Private keys + websites = 💀 – mycrypto – medium

Private Keys + Websites = 💀 – MyCrypto – Medium

Private keys + websites = 💀 – mycrypto – medium

You do not send your private key anywhere, but all of the nodes and miners can use cryptography to quickly and easily verify you have the authorization to send that transaction. Again, fancy math and code.

If you’ve used the internet, you’re familiar with the idea of logging into a site or application with a username (or email address) and password. You may additionally provide a 2FA code.

When you do this you send your email and password to the central server; that server checks whether it is valid (the same as the information they have stored on their server), and either grants you access or denies you access.

Because the methods used for traditional authentication via a central server are fundamentally different than the method used to authenticate a transaction on the blockchain, there are some key differences you should be aware of:

You don’t need a username and a password, just the single private key.

When sending your ether, you’re not required to have both the public and private keys. All you need is a private key to gain access to a wallet. This creates additional risk, as a scammer or phishing site only needs to obtain that one piece of information to ruin your day/month/year/life.

There’s no “forgot password” button.

If you ever lose your private key, there’s nothing that can be done. Because your private keys are not stored on a central server (like your username + passwords traditionally are), there is no one to recover it for you. If you lose it, it’s gone and your assets are forever unrecoverable.

There’s no two-factor authentication.

If someone gains access to your private key, the only thing you can do is hope you’re faster at moving assets than they are. There’s no 2FA to ensure that your key is behind another layer of protection. If you lose it, you lose it.

There’s no insurance if you do screw up. No reversing transactions.

This is true for all of cryptocurrency, but it highlights the significance of keeping your keys safe (and not typing/pasting them into a browser). If someone gets a hold of your private key and sends your funds elsewhere, there’s nothing you can do.

There is no way to change your private key.

Because all the nodes and miners all across the entire world have to play by the same cryptographic rules, there is no way to change your private key to prevent further loss once your account is compromised.

A private key is basically one big single point of failure. Using one to access your assets, especially on a website, is playing with fire.

What should we do about it?

A personal note from Taylor:

When we first started building MyEtherWallet, I didn’t realize how dangerous it was to encourage people to use their private keys on a website. I figured if we were trustworthy and we never sent the private keys anywhere, then it would be safe.

That was shortsighted, stupid, ignorant, harmful and we can never go back in time to change the decisions we made in early 2015.

Regardless of all the good, we are responsible for not only encouraging our users to engage in a terrible practice, but also encouraging other developers, products, and companies to follow our lead. This has resulted in more loss than I can comprehend.

According to our stats at EtherScamDB, over 40,000 ETH has been sent to addresses that are flagged as being affiliated with scams orphishing sites. Those are just the ones targeting individuals — that doesn’t include attacks on exchanges and companies.

No amount of education, 10-page onboarding pop-ups, checkboxes, screaming, nor stomping our feet will prevent users from taking the easiest path. If you allow them to use their private key, they will use their private key, and everyone will lose.

This community deserves better and those who encourage this practice at this point in time, with all we have learned, myself included, should be called out and chastised for their decision.

I feel this way partially because I wish someone had educated my ass earlier about the risks and what I was encouraging. My naivety was the cause of this decision. I failed to realize that entering private keys on websites trains users that it’s okay to enter their keys on websites. It also makes you a huge target for phishers, scammers, and hackers. Even sophisticated attacks that target the underpinnings of the internet.

Last year, we removed the ability for users to access their funds via private key on MyCrypto.com. For those who still want to use their private key in a more secure environment, we’ve made available the downloadable MyCrypto Desktop App.

This was a hard decision as it added friction to people’s experience and removed core functionality from our most-used product. However, the data and stories from people who had lost their funds made it clear that the benefits would outweigh the cost.

We hope that those building products in this space learn from our mistakes, take action to prevent further loss, and stop encouraging bad practices.

It’s time to say goodbye.

Recommended Methods of Keeping Yourself Secure

Talk To Us & Share Your Thoughts

Published at Tue, 16 Apr 2019 17:14:48 +0000

Previous Article

Weird Flex: OKEx Refuses to #DelistBSV, SBI Holdings Delists Bitcoin Cash Instead

Next Article

Internet privacy device Honeypod to integrate DigiByte coin

You might be interested in …

BTC Is Still Below $4000 USDT

BTC Is Still Below $4000 USDT As of 03:00 (UTC) on March 26, the price of bitcoin (BTC) on Binance is trading below $4,000 USDT. The global index marks $3,966.32, with a decrease of 1.51% […]

Filling the Demand: Cryptocurrency Job Postings Set to Triple From 2016

Filling the Demand as Cryptocurrency Job Postings Set to Triple From 2016

AngelList, the job board specializing in startup jobs, reports cryptocurrency job postings have nearly doubled in the past six months and are soon to triple from 2016. Companies in the crypto space have experienced “unparalleled investment and growth” in recent months. The organization stated that while many new technologies (self-driving cars and virtual reality, for example) are embraced by tech giants, cryptocurrency remains one of the largest non-corporate startup opportunities.

The data shows that investments are on the rise. Cryptocurrency startups collected more investments in the first two quarters of 2017 ($467 million) than they did in all of 2016 ($325 million). According to AngelList, as the companies in the crypto space grow, and raise larger amounts of funds at higher valuations, their need for new talent has also grown. The two main reasons for the crypto hiring boom are the expansions of both bitcoin and Ethereum to a mainstream audience and the popularity of Initial Coin Offerings (ICOs).

In 2016, there were 442 cryptocurrency-related job postings on AngelList; however, the number of listings is projected to reach 1,255 by the end of 2017. The organization added that in the last six months, the number of job postings has nearly doubled. While experienced engineers in the crypto space are in the highest demand, startups are also looking for engineers with an interest in cryptocurrencies. There are also positions ready to be filled in the areas of marketing, business development, operations, customer support and other job functions in which no technical background is required.

The main reasons to join a cryptocurrency startup as either an employee or a team member include better salaries — up to 20 percent higher compared to the industry norm — more remote flexibility and employee liquidity in the form of tokens or coins, which is often an exclusive bonus offered at “new coin/token companies,” according to AngelList.

Preparing to Answer the Growing Demand for Talent

At a time when demand for crypto experts is on the rise, the blockchain and research development company IOHK has announced that the first cohort of its graduates has successfully completed training at the summer course hosted by IOHK, and are ready to start working within the crypto space and blockchain industry. IOHK plans to offer full-time positions to selected candidates from the training program in the firm’s newly created Athens Haskell Team.

IOHK offered the summer course free of charge to computer science graduates in Athens, Greece. The participants were personally selected by the university professors. The course primarily focused on Haskell, a programming language currently in high demand within the crypto space because of the language’s significant security advantages. The summer course was a little more than two months long, hosted between July 17 and September 22.

“Corporations and financial institutions are increasingly seeking Haskell developers, but are faced with a shortage of skilled programmers. IOHK is delighted to have trained seven talented students into proficient Haskell developers. Building on IOHK’s growing legacy of sourcing and training high-quality programmers and engineers from Greece, we are proud to have made several offers of employment to them,” IOHK Chief Scientist Aggelos Kiayias said in a statement.

In addition to attending lectures presented by notables like Dr. Lars Brünjes, Haskell developer at IOHK, and Dr. Andres Löh of the Haskell consulting firm Well-Typed, the students had to complete assignments and programming projects, such as creating peer-to-peer networks and performing a “handshake” with a bitcoin node.

“By integrating several of IOHK’s internal project goals into the curriculum, students were given practical experience programming code that solved real, relevant industry problems,” Prof. Kiayias said.

IOHK is not the only firm offering blockchain courses for students. Blockchain software technology company ConsenSys recently announced that the first developer program class of ConsenSys Academy, consisting of more than 150 blockchain developers, will be flying to Dubai for a “three-day hackathon” followed by a graduate ceremony on October 22, 2017. According to the organization, the class represents the first group of successful candidates out of 1,300 applicants from 95 different countries. ConsenSys’s goal with the Academy’s program is to address the global shortage of blockchain developers.

The post Filling the Demand: Cryptocurrency Job Postings Set to Triple From 2016 appeared first on Bitcoin Magazine.

Why do we need blockchain technology? | cédric waldburger

Why Do We Need Blockchain Technology? | Cédric Waldburger

Why Do We Need Blockchain Technology? | Cédric Waldburger I discovered that I like simple questions with not-so-simple answers. A recent one I came across: Why do we need Blockchain technology? While the question is […]