Metamask Security Advisory and Bug Bounty for Seed Phrase Concern

Published in

MetaMask

3 min readNov 13, 2017

Maintaining a safe and user-friendly account manager for the Ethereum ecosystem is a very fun and rewarding experience, but as more and more people use our software to hold their funds, concerns around security issues become increasingly important to address, no matter how unlikely those concerns may appear.

Background

MetaMask has received approximately 17 users reporting problems related to accounts and seed phrases. These users reported that they had been locked out of their MetaMask accounts, and when entering their recovery seed phrases they were given different Ethereum accounts from the accounts they had previously associated with that seed phrase.

These users have our sincerest concern, and we wouldn’t wish this experience on anyone. We’ve done a good amount of internal exploration of potential causes to these reports, but these 17 cases remain mysterious.

What You Should Do

Although this issue affects a very small subset of the Metamask user base (about 1% of 1%), in the interest of exercising extreme caution and transparency, we advise all users to re-verify their seed phrases immediately. This step is necessary even if you have previously backed up your seed phrase before. Here’s how.

Please let us know via email or our support portal if the seed phrase you see is different than the phrase you originally backed up.

What We Suspect

In the worst case scenario, this could mean that some users were shown an incorrect seed phrase to back up their current accounts, and should re-verify their seed phrases immediately. It could also be user error via a mis-written seed phrase, or some other confusion, but since we cannot verify the cause, we want to be as safe as possible by involving the community in this effort.

This does not mean that anyone’s accounts have been compromised by any external malicious individuals. If this is a real bug, it probably either exists in our core MetaMask Controller, or our main Keyring Controller. The bug would need to initially show a user one seed phrase, and after their confirmation, generate a fresh vault, and use it to generate their accounts.

Although MetaMask data is stored locally on each device and is encrypted with the user’s password, if your computer has a storage glitch, you will need to restore with your seed phrase, and if you have written the wrong seed phrase, you will lose all of your current accounts. That’s why we are asking all of our users to take precautions and back up their seed phrases again. Even if you backed up your seed phrase originally.

Bounties

Furthermore, we are issuing a pair of our very first bug bounties for anyone who can identify a related issue in MetaMask on GitCoin and on Bounties.network. We will be occasionally increasing these bounties, and are starting small out of caution for these new platforms.

If you are concerned about this issue but are not affected, you can contribute to these public bounties via bounties.network or Gitcoin. To be eligible for the bug bounties, a bounty-hunter must be able to reproduce behavior where a user is shown a different seed phrase than is used to generate their first accounts. This can be done through automated tests of our code or through manual reproduction steps.

Finally, we will be hosting an AMA on /r/ethereum on MetaMask’s key storage and account generation code for interested bounty-hunters in two days, on Wednesday, November 15, 2017 starting at 11am PST. The AMA is available here.

In Conclusion

We thank the community for their cooperation, understanding, and help. We will keep the community abreast of developments as they emerge.