MetaMask has denied claims that an exploit of its wallet is the reason behind a massive wallet-draining operation. MetaMask has stated that its security teams are working tirelessly with independent researchers to uncover the actual reason for the exploit. The founder of MyCrypto, an Ethereum-powered wallet manager, argued that an unidentified and unexplained wallet-draining exploit is responsible for stealing over $10.5 million worth of crypto and NFTs since December 2022.
MetaMask stated through its Twitter account that the claim is more of an allegation, and argued that the exploit is not MetaMask-specific.
Recent reporting on @tayvano_’s thread has incorrectly claimed that a massive wallet draining operation is a result of a MetaMask exploit.
This is incorrect. This is not a MetaMask-specific exploit. https://t.co/MiJ3QgslMy
— MetaMask 🦊💙 (@MetaMask) April 18, 2023
The wallet service provider stated that approximately 5,000 ETH were stolen from different addresses across 11 blockchains, highlighting that the claim of the funds being hacked from MetaMask was incorrect. Similarly, many believe that factors such as private key leaks or seed phrase leaks might have contributed to the exploit.
MetaMask also instructed users, saying:
“As always, remember to store your Secret Recovery Phrase safely offline and store larger amounts of crypto in a hardware wallet.”
The MetaMask Exploit – Chain of Events
As of now, there is no solid answer as to how the massive attack was carried out, but it is speculated that a chunk of old data was obtained and used to drain the funds. It was further revealed that the exploiter had been involved in draining both long-term MetaMask users and employees using MetaMask itself.
The wallets that fell victim to exploitation had a few factors in common. All of these wallets belonged to MetaMask OGs rather than relatively new users. At the same time, the private keys or seed phrases of all the drained wallets were generated between 2014 and 2022.
Furthermore, all stolen assets were swapped to ETH via MetaMask’s built-in swap feature before they were drained from the wallets. However, this is bound to happen when the target address holds a lesser value and a basket of tokens.
It is also speculated that the attacker holds a large cache of data that enables them to steal assets methodically. The source of the compromise is still a matter of conjecture despite a thorough analysis of a number of wallets. Currently, there is no optimal solution for the affected MetaMask users to recover their stolen funds or guard themselves against the ongoing exploits.