Warning: MyEtherWallet "turn on 2FA" message is phishing

in kr-dev •  7 years ago  (edited)

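I received a message on Slack today,

and since it is a phishing message, please be careful.

To Ethereum holders:
Because phishing attacks are increasing and requests from the ETH network are increasing, we have decided to apply 2FA to all ETH wallets.
Visit MyEtherWallet.com and upgrade your wallet to the new security level.
Keep in mind that if the new security protocol is not implemented (if you do not upgrade your wallet), you will not be able to access any of your funds.
Blah blah blah...

In the end, the link was "myether valet . com". It is 100% phishing.

I tried to access it, and MetaMask detects it..

There is a question of whether 2FA can be used with MyEtherWallet; the answer is that it is not possible.

2FA uses OTP, SMS, and so on.
If OTP is used, the server must verify that the OTP is correct,
and if SMS is used, the server must send and verify the SMS.

MyEtherWallet does not run such a server.

Phishing is rampant...
MetaMask is a big help....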


Today I got a Slack message from Slackbot @nxtchat.

Be careful: this message itself is phishing.

@amachleb asked me to remind you “To all Ethereum Holders:

Due to the increasing number of phishing attacks and holders requests from the ETH network, we decided to implement Two-factor Authentication on all ETH wallets.

Please visit Myetherwallet.com to upgrade your wallet to the new security level.

Please be aware that you will not be able to access your funds, tokens and wallet anymore if the new security protocol is not implemented.

We are taking this measures to protect both you and our network from phishing and malicious attacks.

Thank you for your cooperation and understanding,

The Ethereum DEV team.

The message is 100% phishing.
I tried to access the URL "my ether valet dot com".
However, the MetaMask wallet plugin in my Chrome detected the malicious URL and protected me.

Question: Can I turn on 2FA for MyEtherWallet?

https://myetherwallet.groovehq.com/knowledge_base/topics/can-i-turn-on-2fa-for-myetherwallet

The answer is no, because 2FA is server-side work.

No. And if you landed on a site telling you that you could, they are lying to you and trying to steal your private keys.

2FA / MFA is something that works for server-side applications in order to add an additional layer of security on top of the username / password.

In the case of MyEtherWallet.com, a client-side application, you store your key. That key is the core piece of information that allows access to your account and, while you can encrypt it with a password, there is no server that can verify or track a 2FA login / OTP when you are using MyEtherWallet. If someone gets your private key (keystore file, mnemonic, passwords), they have complete access to your funds. There is no stopping transactions, canceling transactions, or resetting passwords.

Basically, it's an authentication primitive, not a cryptographic one.

In order to implement it, we would need to store your key and protect it on our servers, which is not something we aim to do. If this is functionality that you do want, feel free to use any exchange / hosted wallet like Coinbase, Kraken, Poloniex, Bittrex, Bitfinex, Gemini, and so forth. Just be aware of the risk of letting someone hold your keys for you.

More information: https://github.com/kvhnuke/etherwallet/issues/292
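
The link in this message worked because its hostname is only a couple of characters away from the real one. As an added example (not code from this post, from MetaMask, or from MyEtherWallet), here is one way a client-side check can flag such lookalike hostnames; the trusted list, the distance threshold, and the function names are assumptions made for the illustration.

```javascript
// Added example: flag hostnames that imitate a trusted wallet domain.
// TRUSTED and MAX_DISTANCE are assumptions chosen for this illustration.
const TRUSTED = ["myetherwallet.com", "metamask.io"];
const MAX_DISTANCE = 3;

// Levenshtein edit distance (insertions, deletions, substitutions).
function editDistance(a, b) {
  let prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    const cur = [i];
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      cur[j] = Math.min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost);
    }
    prev = cur;
  }
  return prev[b.length];
}

// Accept a full URL or a bare hostname; return the lowercase host without "www.".
function normalizeHost(input) {
  const url = new URL(input.includes("://") ? input : "https://" + input);
  return url.hostname.toLowerCase().replace(/^www\./, "");
}

function classifyHost(input) {
  let host;
  try { host = normalizeHost(input); }
  catch (err) { return { verdict: "invalid", match: null }; }
  // The exact domain, or a real subdomain of it, is trusted.
  for (const good of TRUSTED) {
    if (host === good || host.endsWith("." + good)) return { verdict: "trusted", match: good };
  }
  // Hyphens are a cheap way to disguise a name, so ignore them when comparing.
  const squashed = host.replace(/-/g, "");
  for (const good of TRUSTED) {
    const brand = good.split(".")[0];
    if (squashed.includes(brand) || editDistance(squashed, good) <= MAX_DISTANCE) {
      return { verdict: "lookalike", match: good };
    }
  }
  return { verdict: "unknown", match: null };
}

// Constructed sample; the first host is the one the post spells out as "my ether valet dot com".
for (const h of ["myethervalet.com", "www.myetherwallet.com", "example.org"]) {
  console.log(h, "->", classifyHost(h).verdict);
}
```

A fixed distance threshold misfires on short hostnames, so a check like this belongs alongside curated allow and block lists rather than replacing them.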

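Even if I don't use MetaMask, I should install it just for that purpose.

Wow, I'll have to be careful. They say fraud is the easiest way to take other people's money... -_- Thank you for the useful information.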

I think you need to pay particular attention to security with cryptocurrency.

Even emphasizing it 100 times is not enough ㅠ

Thank you for the information.

It's unfortunate for me that I have already clicked such a link and logged into my account with my private key. My question is, will it be a problem for me in the future? I still have nothing in my wallet, but I might have in the future.

NO NO NO!))) You're lucky that the wallet was empty!

Do not use the account (address). The private key is already known by the hacker.
It is good if the wallet has nothing. Forget the address.

Create a new one if you are storing ETH in the future.
Keep the private key safe. Never let it be known outside.