The XMRWallet, founded and developed by Nathalie Roy, has passed a security audit conducted by the New Alchemy Blockchain security division. New Alchemy stated that all the of critical issues had been fixed in the report published on July 18. Some new features of the app were introduced after the audit, although the founder of XMRWallet promised to consult with the auditors on any changes “to ensure a high level of security that everyone deserves.”
Disclosure: This is a Sponsored Article
Being on the list of the most popular cryptocurrencies, Monero aims to occupy the niche space of being an anonymous and secure coin. Major cryptos use open blockchains, which means transparency but also can be a way to trace a transaction to a real-world person. Monero allows for the obfuscation of sending and receiving addresses — as well as the amount of transactions — thanks to the specific CryptoNight algorithm.
Just like Monero, the XMRWallet is rooted in the community and was first introduced by Monero followers on the altcoin’s subreddit. It is a wallet for Monero transactions that strives to keep the anonymity of its users and facilitate the usage of the coin.
XMRWallet is a community-driven product, so it is funded by the users’ donations and does not charge any fees for the payments — apart from mining. It also relies on enthusiasts to further its development by having an open-source code.
A user can start using the wallet without registration. Instead, he/she may enter a once-generated Seed code — which is a unique combination of 25 words — to sign in. The optional registration process is instant and does not require passing any KYC procedures. The app does not keep any user data, and the Seed code is kept with the user.
The wallet is compatible with MyMonero seeds for wallet imports, as well as original Monero seeds for wallet imports. There is a visible height synchronization with a progress bar, and an automatically updated XMR/USD balance view. In addition, the XMRWallet already supports 10 languages, including English, German, French, Chinese, Spanish, Japanese and Russian.
To keep up with their claimed level of security, the startup’s founder and Monero enthusiast, Nathalie Roy, performed the app’s audit with New Alchemy — a blockchain strategy and technology group specializing in tokenized capital solutions, having an entire market cap of client portfolios exceeding $1.2 billion.
New Alchemy’s blockchain security division carried out XMRWallet’s review in early June. It focused on identifying the susceptibility to security flaws in the application’s behavior that may impact trustworthiness. Specialists inspected the app’s user interface and web traffic, along with part of the source code.
The results, published on July 18, show that XMRWallet’s “private server-side API functionality obfuscated client code and cryptography was out of scope.” However, a set of critical and minor exposures were identified. This included a cross-site scripting vulnerability stemming from the price feed, outdated component dependencies on both the client and the server, missing security-relevant headers as received from the server, inadvisable display of private fields and input auto-completion, and potentially risky usage of JavaScript and HTML/DOM functionality.
However, all of the critical issues were addressed by the XMRWallet’s team, which was confirmed by New Alchemy during a retest.
New Alchemy has reported that the XMRWallet “provides an excellent and intuitive user interface.” The group also stated that, “A key strength of the application is minimal endpoints, minimal external data dependencies and minimal unrelated web traffic.”
Upon the completion of the security audit, the XMRWallet.com team released new features: the option to set a USD price for sending Monero, a cleaned-up confirmation window when sending and a customized page for printing the Seed code.
“I will continue to consult with the New Alchemy over any changes made to the site to ensure a high level of security that everyone deserves,” Nathalie Roy concluded.
Image(s): Shutterstock.com