How to move from MetaMask to MyEtherWalletsteemCreated with Sketch.

in #eos7 years ago (edited)

An Ethereum wallet is nothing more than a private key. An Ethereum wallet is nothing more than a private key. An Ethereum wallet is nothing more than a private key. An Ethereum wallet is nothing more than a private key. An Ethereum wallet is nothing more than a private key.

While this seems obvious, some fail to grasp it. You can use this private key to import your Ethereum Wallet into most Ethereum Wallet Clients. Always do plenty of research on a wallet before you drop a private key into it and make sure it's secure and is void of vulnerabilities. Crypto is about Personal Responsibility, and nothing myself or anyone says should ever supplement it. This is NOT a claim that MEW is free of vulnerabilities, that is for you to decide.

The process is usually relatively easy, because after all, an Ethereum wallet is nothing more than a private key. As the title implies, this guide is focused on importing into MyEtherWallet (These steps can be extrapolated to Parity/GETH CLI, Ethereum-Wallet, MIST and Ethereum Web Wallet as well, but I have not found any guides... hint hint)

Your best bet is probably to never expose your private key, ever, choose a wallet and stick with it or even better, use cold storage or offline tx signing. However, these are not always feasible for more advanced operations like interacting with a contract on Ethereum Mainnet. And sometimes, this might be your only option.

The problems with MetaMask have been observed while aiding people with EOS Crowdsale. Whether it was a DDoS, or slow nodes, it quickly became obvious that interacting with the contract directly through Ethereum-Wallet or MyEtherWallet may be more accessible for advanced users.

Protect yourself

It's probably not a great idea to use the online version of MyEtherWallet for high value wallets. If you are dealing with a high value wallet, you should educate yourself about Offline Signatures with MEW. The "most secure" way, is to have an offline computer that is never connected to the internet where you handle your private keys. You can then sign a transaction from that computer, and with the generated QR code broadcast the transaction from an internet enabled device. This is referred to as "Air Gapping." It's recommended that you research these principles to protect yourself against the unthinkable. Otherwise, consider a less convenient and user friendly route, like Parity. You can never be too safe.

Understand the risks

An Ethereum wallet is nothing more than a private key. It's dangerous to move private keys, so dangerous, that most wallets go through great lengths to encrypt them and make them inaccessible to reduce their attack vector. Here's only a few of the ways these unencrypted keys to your wallet could be compromised:

  • Accidentally paste them somewhere public, like a chat
  • Compromised system or wallet client software.
  • Accidentally pasting and appending to a URL in an address bar and then hitting the server consequently creating the possibility that they are in a server log
  • Falling for a phishing site, like this one
  • Compromised server hosting MyEtherWallet. If the server hosting MyEtherWallet were compromised, you could subsequently compromise your key.
  • Social hack on MyEtherWallet's hosting company could result in DNS resolution to an attackers server, like with what happened to Classic Ethereum Wallet
  • A handful of other ways...

BTW... If any of these ever happens to you, your wallet is burned, and it's time to move all assets from your burned wallet to a newly generated or another existing Ethereum wallet quickly.

Disclaimer

THIS IS FOR EDUCATIONAL PURPOSES ONLY. I AM NOT RESPONSIBLE FOR TOKEN LOSS. USE AT YOUR OWN RISK. THERE ARE NO GUARANTEES THAT MYETHERWALLET IS FREE OF VULNERABILITIES, WHICH IS TRUE WITH ALL SOFTWARE. MEW HAS NOT BEEN FORMALLY AUDITED. ALWAYS EXERCISE CAUTION WHEN TRANSACTING VALUE ON A BLOCKCHAIN. DO YOUR OWN RESEARCH. THIS IS NOT AN ENDORSEMENT FOR THE SECURITY OF MYETHERWALLET

So if you're the kind of person who isn't good with words (you know who you are): While I have personally checked source code for foul-play this is not an endorsement that it is free of defects or foul play. You should do this yourself. I have never exhaustively audited MEW for vulnerabilities, nor am I aware of any formal audit of MEW. I am not claiming that MEW is secure. To provide some balance to this statement, it does have 2 years of battle-testing, is open-source with a number of contributors. and is a widely used wallet in the Ethereum community.

Read more about MyEtherWallet risks

So now that it's out of of the way...

Export Private key from MetaMask

  1. Click the key in MetaMask, seen below
    Screen Shot 2017-07-04 at 4.00.06 AM.png
  2. Enter MetaMask password
  3. Copy the private key

Import Private key into MEW

When sending a transaction or executing a payable/writeable function in a contract from MEW, you'll be asked to load your wallet, like below.

  1. Select Private Key
  2. Enter your private key from last step
  3. click unlock
    Screen Shot 2017-07-04 at 4.00.55 AM.png

If using the online version of MEW, you will need to enter this every time. This is to protect you. If you're using the Chrome version, you can actually save wallets for later use.

Sandwich's Paranoiac Rituals

  • Take a deep breath and move slowly
  • Select random string of text somewhere and copy it to clear private keys from your clipboard. This will help mitigate accidents. If you want some 1337 points, research how to clear your clipboard on your OS from CLI for some added coverage.
  • Run MyEtherWallet locally
  • Use Offline Signing (more advanced)
  • Run a local parity node

More MEW Guides

Sort:  

a few follow up questions:

  1. Run my ether wallet locally = chrome?

  2. local parity node, im not able to aces parity.io, someone recomended a ip address, but it says it is not private/protected(https). Do you have any workaround for this, to download? maybe a github link to page with instalparity.windowsx64 maybe?

  3. Eos tokens are not visible in my ether wallet for send. do i need to ad them manually(add custom token)
    3.1. i can see a transaction from EOS crowdsale contract depositing to my wallet the correct amount of eos tokens in the wallet history/tokens.

  4. Is closing the My EthernetWallet window, after actions are finished. secure enough/preferd method to stay on the safe side? i cant se/find any "log out" options.

Thank you in advanced!

  1. Chrome is one option, yes. But you can also download from the MyEtherWallet github repo.
  2. Google for "install parity windows" ... follow instructions and start your parity node. Then grab the address it provides you in the terminal, and add that RPC server in MEW (top right corner)
  3. You need to add custom token first, see here
  4. There is no logout, it doesn't save anything for security reasons. If you refresh the page, you need to reload your wallet.

I've learned a lot from you today @sandwich and now I'm hungry.

Good info on mapping EOS keys, I didn't know about it.

For US Based, will I be able to fund EOS and claim EOS Tokens as describer in your post?https://steemit.com/eos/@sandwich/contributing-to-eos-token-sale-with-myetherwallet-and-contract-inner-workings

Please clarify.

Follow me @Yehey
Thank you.

  1. Thank you, i have now successfully transferred my EOS.
  2. For a 3 year study, what kind of programming language/ s would you recommend for being able, in the future, to create and interact with crypto/blockchain technology?
  3. Thank you for your effort in helping me and all the noobs, i see you are active several places!
  1. Awesome!
  2. That's a very broad question, as "interacting" with the blockchain can be done from almost every language. However, if you're referring to smart contracts that depends on the platform you're referring to.
  3. you're welcome.

sandwich could you please explain to the stupid people like myself who send there tokens to a contract address by accident if and how they can recover their tokens? There are a few of us who have made this mistake. Is very stressful.
I have done some research and to my understanding as long as you register the last public key used to hold your tokens, the tokens will be reclaimed at the end of the ICO to the source address used to send the missing tokens to the contract address. Is this correct. Any help/insight would be greatly appreciated.

You have burned your EOS ERC20 tokens. However, that said, the snapshot software will allocate these tokens to the Ethereum address that sent the tokens. Register your Ethereum address using an EOS public key to the EOSCrowdsale contract to guarantee accessibility from a chain that is utilizing a genesis block generated from the snapshot.

True Flip {ICO} - Already running a transparent blockchain lottery! Bomb! Bonus 20%! Hurry! :)
The platform is already working and making a profit :)
https://steemit.com/ico/@happycoin/true-flip-ico-already-running-a-transparent-blockchain-lottery-bomb-bonus-20-hurry

Mind sharing your research showing why you believe either of these services to be vulnerability free? I'm a software developer and that statement kind of makes me cringe a little. Your average user will not know the first thing about code. Hell even most experienced "power users" wouldn't know the first thing of how to vet the security of an open source application.

With that nitpick out of the way, I personally find myetherwallet to have been less transparent about their actions than anyone else as of late and I have been spending my time teaching people how to use parity instead of using some third party connection to the block chain.

Also, during the Status ICO myetherwallet displayed a blatant lie to it's users and never apologized or made a statement about their reasoning.

Great post this is.. EOS i going to MOON in next 15 days.. Must check this

https://steemit.com/eos/@durgeshg/don-t-miss-a-chance-to-become-a-millionaire-invest-to-eos

My research is in the source code. You can do offline signing and never expose your private keys if needed. As it says above "...MyEtherWallet may be more accessible for advanced users."

There is no indication of foul play in the the source code of MEW. Trusting the server is never a great idea, so you can download it and run locally if in a state of paranoia. If we judged the software of crypto based on minor grievances related to someone's character, crypto would be in the sewer because most everyone in crypto is an arrogant, flawed human.

If a user doesn't read the instructions, which include the phrases "advanced user," do your own research and an all caps disclaimer, then they shouldn't be messing with cryptocurrency in the first place.

Parity is definitely the ideal alternative, but it's also clunky and has an incredibly high bar of entry and not everybody wants to download the blockchain. Please continue educating the users on parity however, in the meantime, I've helped around ~500 people successfully participate in this ICO directly and around 10k through articles successfully obtain tokens.

Regarding the Status ICO message, yeah, that pissed me off too. But sometimes when you're herding 20k cats to save them from themselves, you've gotta wave a little tassel, even if that tassel is a lie.

I definitely could have handled this situation more calmly and strategically. The primary argument of this user was that the original language used in this article was misleading, but instead of communicating it as such, took what is in my opinion an aggressive and hostile approach. This user originally found meaning where there was none, in no revisions of this article did I explicitly claim I had research to support an argument that MEW was void of vulnerability.

My first mistake was not reading his initial comment closely enough, as this could have been mitigated from the start. Basically, I dug myself in a hole by not explicitly claiming that my research is my own and I have a philosophy of personal responsibility instead of claiming "the source code is my research", a response that is suitable only if personal responsibility precedes it.

My second mistake was being reactive as result of a poor emotional state resulting from dealing with an influx of trolls in the EOS Telegram combined with sleep deprivation related to a work contract.

With every bit of feedback this user provided, the language of the article was made more and more concise to address his concerns, resulting in a more comprehensive article on the subject.. So for that, I thank him.

However, this is a new user who is primarily weighted by purchased Steem, is flagrantly abusing Steemit flagging and self-voting for purposes of visibility dominance a.k.a narrative control. While this has practical applications, I do not believe this is one of them. As a community it would be my opinion we should not stand for these various abuses of the system to ensure long-term health of the network. It's of far more value to the network to see me make an ass out of myself, than to allow someone to exercise unchecked flag abuse. Allowing this to go unchecked sets the precedent that this type of behavior is tolerated.

Let's be fair. You can't link the source code and call that research. I'm more than fully aware of it being open source on the GitHub, but you cannot verify the server is running that version.

Nor can pretty much any normal user gather any information from the source code. Advanced user and all that doesn't touch on the level of experience required to verify source code.

You can hope more experienced users have done so, but that was why I was asking (not accusing) if you have done research to provide with the claims that the source code is somehow vulnerability free (there is likely very little code that is truly vulnerability free).

Not picking a fight, just saying that MyEtherWallet has done some shady practices in the past. It is good to have how to articles though so your main post is of course valuable.

Edit: oh i see your edit now. Congratulations on the internet gloating I guess on your super numbers for helping others invest in an ICO that had every single necessary instruction on their own website right alongside the information I would have advised likely investors to read. Take care bud.

This is crypto, do your own research. Trust no one.

Not gloating, I am outlining that I have been in telegram helping people for over a week, several hours a day, and that includes with parity, as well. You tell me I'm gloating, but you're the one draining the reward pool with voting bots

You're rather antagonistic for someone who isn't picking a fight.

@good-karma, could you be more selective with those you give power please?

You are ridiculous. Lmao.

Just quit telling people software you don't posess the ability to vet is vulnerability free.

Bold text doesn't make it more scary

Btw I see you flagged my comment. If you are just salty j flagged yours, you should know you got flagged for tagging another unrelated user simply because I'm posting via esteem. What is your reasoning for flagging besides just wanting "revenge

Btw I see you flagged my comment. If you are just salty j flagged yours, you should know you got flagged for tagging another unrelated user simply because I'm posting via esteem. What is your reasoning for flagging besides just wanting "revenge

No revenge, you're a hostile Steemian and thus, devalue the network. Because of this, I flagged your hostile comments. You could have expressed yourself in a more healthy manner, but chose not to. As a hostile commentator, the author of esteem should probably be aware of who they are sponsoring with votes. But ultimately, it's up to @good-karma who he would like representing esteem. On the other side, I upvoted one of your posts I enjoyed, even though it's no longer in the reward period. That is my form of revenge.

Go thru the comments and see which individual is offering up insults. I'll wait.

Feel free to edit them out if you'd prefer.

Maybe you can self vote to counteract the effect.

... You're a waste of time. Maybe contribute something for once, instead of spending so much time bringing people down. It will probably work out better for you.

Actually I do, but it's not my responsibility to do so. Nor do I have time. You're welcome to however! And I'll even link to it, even though you interact like a petulant child.

And I never told them it was vulnerability free nor was it implied. I asked them to DO THEIR OWN RESEARCH TO MAKE SURE A WALLET IS VULNERABILITY FREE

Always do plenty of research on a wallet before you drop a private key into it, and make sure it's secure and is void of vulnerabilities.

You should probably stop looking for things that aren't there.

Ok we are done here since you just want to argue. But your implication of that comment while recommending people use MEW is that it is "void of vulnerabilities"

You're the one who is argumentative, not to mention antagonistic and arrogant. There's no implication. The emphasis of that sentence is Always do plenty of research on a wallet before you drop a private key into it. I've progressively clarified based on your feedback, hopefully it appeases you. Thanks for bringing it to my attention that it wasn't clear enough.

Nice info. Thanks

Thank very much @sandwich, It turns out here is something that I have not known before. Thank you very much guys. You have shared something that became a new science for me in particular And to the reader in general. I just started to learn about cypto one of them ETH. Please support me on this platform to get to know what is ETH

Just downloaded metamask, was trying to figure out and happily got this post, good work sandwich

If you just downloaded MetaMask, be aware that this isn't some kind of requirement, this is just something you may considering doing.

Great post this is.. EOS i going to MOON in next 15 days.. Must check this

https://steemit.com/eos/@durgeshg/don-t-miss-a-chance-to-become-a-millionaire-invest-to-eos

Well done post You deserve for getting Upvote from me. I appreciate on it and like it so much . Waiting for your latest post. Keep your good work and steeming on. Let's walk to my blog. I have a latest post. Your upvote is high motivation for me. Almost all Steemians do their best on this site. Keep steeming and earning.

This comment has received a 0.08 % upvote from @booster thanks to: @hamzaoui.

Thank you @sandwich for this post. This give a solution and also clearly reads out the pros and cons of it. Would want to get enlightened with many more such arcticles in the future as well. So keep pumping good them in..!! ☺️✌️👍

Great information. Thanks for sharing.

So I can export my tokens from metamask to mew first and then claim them later using mew?

You don't need to export the tokens, you only access the wallet with a different interface.
With your private key, which you export from metamask, you access the tokens using MEW, then you transfer to desired address.
Read the steps slowly, and take a breath, and it will work for you as well!

Nice work sandwich. Just to add to roshania's question - moving your private key from MetaMask to MyEtherWallet allows you view your ether wallet (including tokens) which will then enable you to move your tokens somewhere else, for example to an exchange where you can trade them. If you can't see your tokens you might need to add them. The token distributor usually provides instructions but its pretty straightforward. Good luck

by the way i like That Profile Pic... Ymmy...