See More

MetaMask Denies Wallet Draining is Due to Exploit

2 mins
Updated by Ali M.
Join our Trading Community on Telegram

In Brief

  • MetaMask called characterizations of a recent multi-wallet hack as a MetaMask exploit inaccurate.
  • The wallet developer was responding to a Twitter thread tracing fund related to the loss of about 5,000 ETH.
  • MetaMask users have recently been spooked by data breaches and phishing scams,
  • promo

Self-custodial MetaMask has denied claims by Taylor Monahan of MyCrypto that a recent multiple-wallet hack was a MetaMask-specific exploit.

According to the wallet provider, an attacker withdrew 5,000 Ethereum (ETH), worth about $10 million, from different addresses across 11 blockchains rather than only from MetaMask users.

MyCrypto CEO Retracts, Says Attack Vector Not Obvious

It confirmed that its security team was working with other affected wallet providers to determine the source of the attack.

MetaMask’s response follows a Twitter thread by Taylor Monahan claiming that an attacker stole funds through a MetaMask-specific exploit that affected long-standing users and MetaMask employees. 

Monahan, the CEO and co-founder of MyCrypto claimed to have unearthed a months-long 5,000 ETH exploit. The founder alleged that the attacker was “sending” smaller “txns [transactions] via MetaMask,” draining crypto from long-time users and employees. She clarified later in the thread that the exploit was not specific to the platform.

Monahan also confirmed that the hack also affected users of Ledger Live, MyCrypto, Trust, and Exodus wallets. She speculated earlier that the attack originated from a data leak.

MetaMask Exploit
Exploit. Source: Monahan

Crypto wallets are software applications holding special strings called keys used to transfer crypto without an intermediary. MetaMask allows a user to hold and transfer ETH or any ETH-based token.

Blockchain security specialist SlowMist’s founder said that the keys may have been part of a larger data breach and only discovered later to be crypto keys.

MetaMask Had Security Troubles Recently

On April 14, the wallet’s developer ConsenSys confirmed a data breach affecting over 7,000 users. 

Hackers gained unauthorized access to a MetaMask customer service provider who sent phishing emails to users who contacted the service provider between August 2021 and February 2023.

The scam emails requested that users update their Know-Your-Customer information, resulting in economic losses for three customers. ConsenSys later confirmed that MetaMask itself was safe to use.

Before that, scammers sent unsolicited emails to users through compromised Namecheap email providers. The scam asked users for their secret recovery phrase, a string of words users need to recover their private keys.

For Be[In]Crypto’s latest Bitcoin (BTC) analysis, click here.

Top crypto platforms in the US | March 2024
Coinbase Coinbase Explore →
AlgosOne AlgosOne Explore →
Chain GPT Chain GPT Explore →
iTrustCapital iTrustCapital Explore →

Trusted

Disclaimer

In adherence to the Trust Project guidelines, BeInCrypto is committed to unbiased, transparent reporting. This news article aims to provide accurate, timely information. However, readers are advised to verify facts independently and consult with a professional before making any decisions based on this content. Please note that our Terms and ConditionsPrivacy Policy, and Disclaimers have been updated.

David-Thomas.jpg
David Thomas
David Thomas graduated from the University of Kwa-Zulu Natal in Durban, South Africa, with an Honors degree in electronic engineering. He worked as an engineer for eight years, developing software for industrial processes at South African automation specialist Autotronix (Pty) Ltd., mining control systems for AngloGold Ashanti, and consumer products at Inhep Digital Security, a domestic security company wholly owned by Swedish conglomerate Assa Abloy. He has experience writing software in C,...
READ FULL BIO
Sponsored
Sponsored