Companies Editor's Picks News

MetaMask Denies Claims Wallet Exploit in $10M Hack

MetaMask Denies Claims Wallet Exploit in $10M Hack

MetaMask has denied claims that an exploit of its wallet is the reason behind its massive wallet-draining operation. Currently, MetaMask has stated that its security teams are working tirelessly with independent researchers to uncover the actual reason for the exploit. The founder of Ethereum-powered wallet manager, MyCrypto, argued that an unidentified and unexplained wallet-draining exploit is responsible for stealing over $10.5 million worth of cryptos and NFTs since December 2022.

MetaMask stated through its Twitter account, that the statement is more of an allegation, and also argued how the exploit is not MetaMask specific.

The wallet service provider stated that approximately 5,000 ETH were stolen from different addresses across 11 blockchains, highlighting how the claim of the funds being hacked from MetaMask was incorrect. Similarly, the masses believe that factors such as private keys leak or seed phrase leaks might have contributed to the exploit.

The exploit is not MetaMask specific

MetaMask also instructed users, saying:

“As always, remember to store your Secret Recovery Phrase safely offline and store larger amounts of crypto in a hardware wallet.”

The MetaMask Exploit – Chain of Events

As of now, there is no solid answer to how the massive attack was carried out, but it is speculated that a chunk of old data was obtained and used to drain the funds. It was further revealed that the exploiter had been involved in draining both long-term MetaMask users and employees using MetaMask itself.

The wallets that fell victim to exploitation had a few factors in common. All of these wallets belonged to MetaMask OGs instead of relatively new users. At the same time, all of the wallets that were drained generated their private keys or seed phrases between 2014 and 2022.

The MetaMask Exploit - Chain of Events

Furthermore, all stolen assets were swapped to ETH via MetaMask’s built-in swap feature before they were drained out of wallets. However, this is bound to happen when the target address holds a lesser value and a basket of tokens.

It is also speculated that the attacker has hold of a fatty cache of data that enables them to steal assets methodically. The source of the compromise is still a matter of conjecture despite a thorough analysis of a number of wallets. Currently, there is no optimum solution for the affected MetaMask users to recover their stolen funds, or guard themselves against the ongoing exploits.

Related posts

DAI Increases its Supply by 24% in Two Months: Which Are the Reasons?


ZKSNACKS Shutting Down Coinjoin Service: Impact on Wasabi Wallet and Bitcoin Privacy


EOS, XLM, ADA, IOTA. Technical analysis and forecast of the exchange rate on 3-4 November 2018