Online Monero Wallet to Mitigate Security Risks by Fixing Flaws Uncovered in Audit

Published at: July 24, 2018

The Monero web wallet XMRWallet says it has undergone a successful security review by an independent provider, with analysts concluding that “a number of potential vulnerabilities” have now been fixed and their risks mitigated.

XMRWallet’s infrastructure was audited by New Alchemy, a blockchain strategy and technology advisory group. During its tests in June 2018, the application’s web traffic and user interface were inspected, all with the aim of uncovering security flaws that could affect trustworthiness.

In its report, New Alchemy concluded: “The XMRWallet application exhibits a high-quality user experience, a modern development approach, and a clear separation of client and server functionality. However, the security review has identified a number of potential vulnerabilities.”

Although these issues varied in severity — some minor, some critical — New Alchemy’s assessment concluded all these flaws were fixed. Examples included the “potentially risky usage of JavaScript” along with the “inadvisable display of private fields and input auto-completion.”

Following retesting — with XMRWallet given advice on ways to mitigate certain issues — New Alchemy said all seven critical issues had been fixed. All but one of the moderate issues raised were addressed, with the last one being reclassified as a “general concern” instead of a security issue. Three minor issues were also fixed, and another three were partially fixed or described as “informational.”

The report added: “The XMRWallet application provides an excellent and intuitive user interface. Each aspect of the application was exercised, including value transfers to and from multiple counter-parties. The code organization and development process facilitated understanding how components fit together. A key strength of the application is minimal endpoints, minimal external data dependencies and minimal unrelated web traffic.”

Overall, New Alchemy said the fixes didn’t require a “major code rip-up” to be resolved, but they would result in a “significant uplift in application trustworthiness.”

New features unveiled

The audit came as XMRWallet began to introduce a suite of new features — including the ability to set the USD price for sending Monero, matched in XMR automatically. Improvements have also been made to the confirmation window seen by users before they complete a transaction and transfer money.

XMRWallet’s founder, Nathalie Roy, was motivated to launch the platform after using MyMonero and concluding that there were several features which could enhance it further. She also believed that XMRWallet could help in the quest for decentralization — offering a backup plan in case other web wallets become unavailable.

Accounts can be created instantly on XMRWallet, and the platform currently supports 10 languages. The wallet also promises fast transaction times — paving the way for Monero to be sent and received immediately.

XMRWallet.com describes itself as an “open-source web environment” for Monero wallets — and the platform has vowed to be completely free for users, relying on donations in order to provide continued service.

What is Monero?

Supporters of Monero say the decentralized cryptocurrency is secure because every transaction is confirmed via a distributed consensus before it is immutably recorded on the blockchain. As a result, this means crypto enthusiasts do not need to rely on third parties.

Another attribute of Monero is its untraceable, private nature. Addresses used to send and receive crypto — along with the amounts involved in a transaction — are hidden in order to ensure that payments cannot be linked to a certain user, which would otherwise create the risk of them being identified in a real-world environment.

 

Disclaimer. Cointelegraph does not endorse any content or product on this page. While we aim to provide you with all the important information that we could obtain, readers should do their own research before taking any actions related to the company and carry full responsibility for their decisions, nor can this article be considered investment advice.
