The Monero web wallet says it has undergone a successful security review by an independent provider, with analysts concluding “a number of potential vulnerabilities” have now been fixed, with their risks mitigated.

XMRWallet’s infrastructure was audited by New Alchemy, a blockchain strategy and technology advisory group. During its tests in June 2018, the application’s web traffic and user interface were inspected, all with the aim of uncovering security flaws that could affect trustworthiness.

In its report, New Alchemy concluded: “The XMRWallet application exhibits a high-quality user experience, a modern development approach, and a clear separation of client and server functionality. However, the security review has identified a number of potential vulnerabilities.”

Although these issues varied in severity — some minor, some critical — New Alchemy’s assessment concluded all these flaws were fixed. Examples included the “potentially risky usage of JavaScript” along with the “inadvisable display of private fields and input auto-completion.”

Following retesting — with XMRWallet given advice on ways to mitigate certain issues — New Alchemy said all seven critical issues had been fixed. All but one of the moderate issues raised were addressed, with the last one being reclassified as a “general concern” instead of a security issue. Three minor issues were also fixed, and another three were partially fixed or described as “informational.”

The report added: “The XMRWallet application provides an excellent and intuitive user interface. Each aspect of the application was exercised, including value transfers to and from multiple counter-parties. The code organization and development process facilitated understanding how components fit together. A key strength of the application is minimal endpoints, minimal external data dependencies and minimal unrelated web traffic.”

Overall, New Alchemy said the fixes didn’t require a “major code rip-up” to be resolved, but they would result in a “significant uplift in application trustworthiness.”

New features unveiled

The audit came as XMRWallet began to introduce a suite of new features — including the ability to set the USD pride for sending Monero, matched in XMR automatically. Improvements have also been made to the confirmation window seen by users before they complete a transaction and transfer money.

XMRWallet’s founder, Nathalie Roy, was motivated to launch the platform after using MyMonero and concluding that there were several features which could enhance it further. She also believed that XMRWallet could help in the quest for decentralization — offering a backup plan in case other web wallets become unavailable.

Accounts can be created instantly on XMRWallet, and the platform currently supports 10 languages. The wallet also promises fast transaction times — paving the way for Monero to be sent and received immediately.

XMRWallet.com describes itself as an “open-source web environment” for Monero wallets — and the platform has vowed to be completely free for users, relying on donations in order to provide continued service.

What is Monero?

Supporters of Monero say the decentralized cryptocurrency is secure because every transaction is confirmed via a distributed consensus before it is immutably recorded on the blockchain. As a result, this means crypto enthusiasts do not need to rely on third parties.

Another attribute of Monero is its untraceable, private nature. Addresses used to send and receive crypto — along with the amounts involved in a transaction — are hidden in order to ensure that payments cannot be linked to a certain user, creating the risk of them being identified in a real-world environment.