Basic MEW/MyCrytpo Wallet Education

I keep seeing posts/questions, over and over, with people freaking out about MEW and asking questions like:

  • Are my ETH and ERC-20 tokens safe?
  • Do I need to move everything out of my Ledger/Trezor?
  • Is MetaMask still safe?
  • Is MEW/MyCrypto a scam and trying to steal my Ether?

This reveals a fundamental misunderstanding in what MEW does and a severe lack of even basic knowledge of the blockchain/wallet relationship.

To answer the above questions:

  • Yes.
  • No.
  • Yes.
  • No.

MEW/MyCrypto/Trezor/Ledger/MetaMask are INTERFACES to the Ethereum blockchain and your wallet.

Your ETH and ERC-20 tokens live on the blockchain, IN THE ETHER, as it were, stored inside of your wallet (I am simplifying where ERC-20 tokens are stored for the sake of an easy explanation. For all intents and purposes, they are in your wallet as well.)

Your Ethereum wallet that you may have generated with MEW, MetaMask, Trezor, Ledger, geth, parity, etc. is simply a pair of keys: one public, one private. The keys are NOT STORED in MEW/MyCrypto/MetaMesk/etc., (again, for simplicity sake, I am not going to address the encrypted interfaces) therefore, these INTERFACES cannot steal your wallet, nor your ETH/tokens.

The wallet "address", the public key, lives on the blockchain. That thing this is all about. MEW doesn't own it. If MEW goes down, if Ledger goes out of business tomorrow, nothing changes. As long as you control the private key, your coins are FINE.

Now, could MEW/MyCrypto have been hacked and the interface compromised? Yes. Could Trezor/Legder/MetaMask have some awful bug/attack and your PRIVATE KEY be stolen, therefore giving someone access to your wallet that lives on the blockchain? YES. Could there be a "virus" on your computer, lurking in the background, waiting for you to enter a private key in to an interface and then redirect it elsewhere or modify addresses or something else nefarious? Yes. There are a ton of attack vectors and different ways people can try to steal your private key. That's all they're after. This is why code like my MEW/MyCrypto is open-source and encourages you to run it offline.

No matter how much you trust a third-party, MEW, MetaMask, Trezor, Facebook, your mom, you need to VERIFY what you're doing when you're doing it. "Trust, but verify." I realize that can be complex for people with low-technical skills or no real interest in learning, that just want to click a button, but it is what it is.

I'm not going to get in to a discussion about how this was handled and people's integrity and motivations. The point is: YOUR ETHER IS NOT STORED ON MEW. YOUR COINS ARE FINE.