Metamask exploit for $10M+ & security breached
This Metamask exploit was first discovered by Taylor Monahan, the developer who still is unsure and no one knows the potential impact or how to hacker(s) could drain those wallets of more than 5000 ETH yet.
In Brief:
- Metamask exploited for $10M+ and no one knows how to mitigate it yet
- Common Phishing Attempts after security breach affecting 7000 users
- How to protect your investments with Diversification
For the past 48hrs I’ve been unwinding a massive wallet draining operation 😳😭
I don’t know how big it is but since Dec 2022 it’s drained 5000+ ETH and ??? in tokens / NFTs / coins across 11+ chains.
Its rekt my friends & OGs who are reasonably secure.
No one knows how. pic.twitter.com/MafntG7RkP
— Tay 🦊 💖 (@tayvano_) April 18, 2023
Metamask has been very secured with their existence and it’s one of the best non-custodial software wallets, we even recommend utilizing it because of its popularity and security. And with the recent security breach effecting 7000 users we have to up the game by taking the advice of hardware wallets to store and secure long term investments while splitting funds with multiple wallets/keys for certain activities like trading, investing or airdrops.
“This is NOT a low-brow phishing site or a random scammer… It ONLY [steals from] OGs,”
Tay wrote and for now we do not know how the compromise works to mitigate with solutions but only some known commonalities:
Afaik, no one has determined the source of their compromise.
Multiple devices have been forensic’d. Nothing.
The only known commonalities are:
– Keys were created btwn 2014-2022
– Folks are those who are more crypto native than most (e.g. multiple addresses, work in space, etc)— Tay 🦊 💖 (@tayvano_) April 18, 2023
We don’t know what we don’t know
This is very dangerous because even the experts do not know the root cause until maybe more damages and to keep up with all the updates from many devices will be an impossible task for anyone who is not tech savvy since this Metamask exploit is not the first and it won’t be the last; however when it comes to security of your crypto portfolio you need to invest the time. We have a few great options when it comes to non-custodial software wallets from Metamask to Uniswap but don’t forget to keep your devices up-to-date as the first thing.
Vulnerabilities have been found in iOS & macOS. The flaws include one which allows attackers to gain access to sensitive user info by intercepting net traffic, as well as a bug that allows malware to bypass Apple’s security & gain root access.
More 👇https://t.co/VhtofmqNAG
— Kaspersky (@kaspersky) April 18, 2023
How to Protect your Investments
As always be careful with your cryptoS especially with new exploits, old phishing attempts or regular security breaches from centralized parties. Diversification your investment is one thing but also your security as well since even the “reasonably secured” parties got exploited not to mention the mainstream users. Needless to say that the technologies are not yet matured enough for the regular everyday consumers to feel confident about personal responsibilities as we continue to improve the overall experience and getting it all ready for mass adoption in the coming years ahead.
