Is your Ethereum really safe in Meta Mask wallet?!đź‘€
Following the recent Solana hack, which resulted in the theft of millions of dollars, numerous users have questioned the security of the Meta Mask wallet!
In response to the news that $4.5 million in funds had been drained from thousands of Solana software wallets, the team behind MetaMask (the most widely used software wallet for Ethereum and Ethereum-compatible networks) brushed through the wallet’s codebase to ensure users would not be impacted by a similar hack.
This type of exercise has occurred before. Following concerns that the Near Wallet may have a flaw similar to the compromised Solana wallets, the protocol’s Twitter account stated Thursday night that users should “strongly consider” changing their security settings.
One way developers manage security is to scan for vulnerabilities after an attack has occurred. They should find them prior to them being exploited.
MetaMask has previously said that it is reorganizing its staff to respond directly to security vulnerabilities, but there are indications that it is struggling to keep up.
In a recent example, Aurox CEO Giorgi Khazaradze stated that when he sought to alert MetaMask’s staff about a vulnerability in June, they were unresponsive.
He informed Decrypt that his team was looking at MetaMask’s code, which is open source and available on GitHub since they were developing their own browser extension wallet.
The wallet has been advertised but has not yet been released. When it happens, it will be in direct competition with MetaMask. Simply put, Khazaradze stands to gain by throwing doubt on what is, by far and away, his new product’s main competition.
MetaMask had over 30 million monthly active users as of March, a 42% increase from the 21 million it had in November 2021.
According to Khazaradze, his team discovered that an inline frame could be used to add a hidden decentralized program, or dapp, to a webpage. There are several valid reasons to link MetaMask to a dapp operating in an iframe, which has been feasible since 2017. It might, however, be utilized by an attacker.
As a result, an attacker might conceivably develop a page that appears to be a legitimate program but links to one that the MetaMask user never encounters. An attacker couldn’t embed their malicious dapp on a site that they didn’t own. However, they may create a site that appears to be one thing, such as a free NFT mint, but connect to something altogether else.
It’s related, but not identical, to a clickjacking vulnerability for which MetaMask offered a $120,000 prize in June. An attacker can then conceal MetaMask on a webpage and deceive the user into disclosing confidential information or transferring payments.
The above-mentioned bug bounty program was implemented a few months later. It’s not like all MetaMask vulnerability reports go unnoticed. Halborn Security, a Web3 security firm, disclosed a vulnerability that might affect MetaMask users in June and received a hat tip from the MetaMask Twitter account for it.
On the other hand, there is a widespread belief that open-source projects are safer since their source code is available for examination by independent researchers.
In fact, in the aftermath of the Solana wallet attack on Wednesday, a developer known on Twitter as fubuloubu gained a lot of attention for declaring it’s “irresponsible not to have open source code in crypto.”
This blog was intended to provide an overview of how secure your cryptocurrency or NFTs are in a Meta Mask wallet. I hope you enjoy it!
The content provided in this article is not sponsored and is correct upto the best of my knowledge. This article is not financial advice and we are not responsible for any action taken in response to this article!
Feel free to check out our social platforms for daily crypto updates or contact us through the following channels:
Info Source: Decrypt, Stacy Elliott
New to trading? Try crypto trading bots or copy trading
