There are a lot of questions, and while I am not an expert, I thought I'd try and put the information I know in a place to help people.
If you find any flaws/wrongs please write and I will edit!

MyEtherWallet is a popular wallet. However, it's an interface, they don't save your keys, they can't help you if you lose your keys/funds.
MyEtherWallet is only a bridge to communicate with the blockchain.
Many people use this, and due to this DNS 'hack' and other hacks like it that have happened, I thought I would make a simple guide.
I suggest that if you want to keep using MyEtherWallet, do it offline!
Here's a guide on how to use MEW offline:
https://myetherwallet.github.io/knowledge-base/offline/running-myetherwallet-locally.html
Always make sure the lock icon next to the URL bar is green!
MyEtherWallet also allows you to 'generate' a wallet (basically get a public+private key). The safest choice would be to download an encrypted keyfile and use that to log in.
This means that even if someone were to access your keyfile, they'd require your password.
However, if you submit this data to a phishing site, you'd still lose your funds!
Entering your private key in plain text is unwise as a keylogger/middleman could read this data.

Another popular choice is MetaMask.
https://metamask.io/
MetaMask is a browser plugin which basically lets you do all your transactions in a little browser window, instead of going to, for example, MyEtherWallet.
MetaMask is great because it also allows you to easily interact with any type of dApp (basically your MetaMask would work as an account in a way).
MetaMask also protects you versus phishing sites.
As I understand it, MetaMask stores a file locally encrypted with a password.
The public key is seen in MetaMask, however you can also export the private key.

Hardware wallets
I personally advocate for Trezor as it is open source (therefore all code can be verified to be safe).
The most popular wallet, however, I believe is Ledger Nano.
Basically, how a hardware wallet works is that keys are generated inside it.
Whenever you want to do a transaction, all that happens is that the transaction is signed inside your hardware wallet, and this signed transaction data is broadcast. The private key never leaves your wallet.
The recipient address could still be changed by a virus!
Hardware wallets generally have a screen and buttons to confirm transactions and you can confirm the address. In my personal opinion, hardware wallets are the best choice for most people - they are foolproof and safe.
You get a recovery phrase you write down in case you lose your wallet.
To access it, you need to enter a PIN that you choose on first time setup.
Trezor/Ledger supports many different cryptos, not only bitcoin/eth.
However, of course a physical device comes with a cost - ~$50-100 depending on which one you go for.
If you believe your crypto will one day be worth a lot, or already is - it's definitely a sound investment!
Sites:
www.ledgerwallet.com
www.trezor.io

Keeping funds on an exchange
This is quite popular, and I guess there is nothing wrong with it.
But, people need to be aware of the risks involved.
Any funds kept on an exchange are not truly your funds!
All it is, is their database saying that your account holds [these cryptos].
It doesn't mean they actually have coverage to cover everyone in case of a mass cashout (probably a small risk though).
What is more important, is to consider what this means - they're in control of your funds,
and theoretically, they can very easily prevent you from ever receiving your funds.
Of course, this is not something that one has to worry about in general - however, just keep in mind that it's not actually yours.
It's like a bank.
This also means that if your account is hacked, or if the exchange itself is hacked, you might end up losing part of/all your funds.
Hot wallet: this is the wallet(s) the exchange uses to pay out/receive to, and usually holds a small percentage (<10%) of all funds.
So if an exchange were hacked, they shouldn't be able to lose more than what is in their hot wallets.
Cold wallet: These are wallets that are not exposed to the internet (in terms of private key access by software etc).
An exchange should keep the majority of their funds here.

Summary
This is my personal opinion
Ordering by safety
1. Hardware Wallet
2. MetaMask
3. MyEtherWallet
4. Exchange
I would like to expand on one topic regarding safety:
A more 'technically savvy' person could be perfectly fine with his private key in plaintext.
However, in general, one should be cautious of exposing your private key (in any form - plaintext, encoded) to any sort of software.
If you have a virus, an encrypted file isn't enough, because the moment you decrypt it you'd expose your password to the virus.
If you are using many different plugins in your browser, they might be reading your data(check permissions).
There are too many risks, and way too many people are being scammed.
Don't do it too late, ensure that you're safe today, because in the end - no one can help you.
Part of what's great about crypto is this aspect, isn't it? You and only you are in control of your funds, in all aspects - including safekeeping.
Here are a few tips I think could be useful:
- Scan your computer for viruses on a regular basis (Malwarebytes AntiMalware is a good choice)
- If possible, use a second computer with a factory state OS
- use a different browser without any plugins(apart from MetaMask if that's your choice)
- always ensure that any site you access and intend to put your crypto information in, has a valid certificate.
- (valid certificate: click the green lock next to the URL bar, check the info, confirm it's always the same).
- no company handling money would let their certificate expire.
- if you only want to check your funds, use etherscan.io and search your public address
If you are using Windows, you can also install a second OS - for example Linux Mint.
It's free, and only requires a CD/USB. You can have a dual-boot setup, so when you want to access your crypto, just restart your computer, enter Linux Mint, do your business, and restart back into Windows!
A useful browser plugin is NoScript which prevents any site from running javascript without your manual approval.
Other useful plugins in my opinion(somewhat unrelated): uBlock Origin, Privacy Badger, Cookie AutoDelete, Disconnect
Finally, if you are not at all a technical person, it might be better to leave your crypto at an exchange.
Surely the exchange is not the safest place, but a virus-riddled computer or general risky behaviour is definitely not safer!
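
The certificate tip above ("check the info, confirm it's always the same") can be automated. This is an added example, not part of the original guide: it validates the site's certificate the normal way, then compares its SHA-256 fingerprint with the one saved on first use. The names certpin.py, cert_pins.json and wallet.example, and the stand-in byte strings, are assumptions made for the demo.

```python
import hashlib
import json
import socket
import ssl
import sys
import tempfile
from pathlib import Path


def fingerprint(der_cert: bytes) -> str:
    """SHA-256 fingerprint (hex) of a DER-encoded certificate."""
    return hashlib.sha256(der_cert).hexdigest()


def fetch_der_cert(host: str, port: int = 443, timeout: float = 10.0) -> bytes:
    """Return the site's leaf certificate after normal validation."""
    # The default context checks chain, hostname and expiry; a bad certificate
    # makes the handshake fail with ssl.SSLCertVerificationError.
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


def check_pin(host: str, der_cert: bytes, store: Path) -> str:
    """Compare a certificate with the fingerprint saved on first use.

    Returns "first-seen", "match" or "CHANGED". Sites do renew certificates,
    so "CHANGED" is not proof of an attack; it is the cue to stop and verify
    before entering a password or key.
    """
    pins = json.loads(store.read_text()) if store.exists() else {}
    seen = fingerprint(der_cert)
    if host not in pins:
        pins[host] = seen
        store.write_text(json.dumps(pins, indent=2))
        return "first-seen"
    return "match" if pins[host] == seen else "CHANGED"


if __name__ == "__main__":
    if len(sys.argv) > 1:  # live check: python certpin.py <host>
        host = sys.argv[1]
        print(host, check_pin(host, fetch_der_cert(host), Path("cert_pins.json")))
    else:  # offline demo; the byte strings are constructed stand-ins, not real certificates
        store = Path(tempfile.mkdtemp()) / "pins.json"
        for der in (b"constructed-cert-A", b"constructed-cert-A", b"constructed-cert-B"):
            print(check_pin("wallet.example", der, store))
```

Run it with a hostname before logging in; without arguments it prints first-seen, match, CHANGED for the constructed inputs.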