The founder of Ethereum wallet manager, MyCrypto initially claimed that the exploit was targeting MetaMask users, but MetaMask denies that the exploit is specific to its wallet and is working to uncover the true source of the hack
MetaMask, a popular cryptocurrency wallet provider, has denied claims that an exploit in its wallet is the cause of a recent “massive wallet draining operation” that has resulted in the theft of over 5,000 Ether (ETH), equivalent to more than $10.5 million in crypto and nonfungible tokens (NFTs), since December 2022. The claims were made by Taylor Monahan, the founder of MyCrypto, an Ethereum wallet manager, in a series of tweets posted on April 17.
In response, MetaMask took to Twitter on April 18 to clarify that the reports claiming the exploit was a result of a MetaMask vulnerability were incorrect. The wallet provider stated, “This is not a MetaMask-specific exploit.” MetaMask also confirmed that its security team was actively researching the source of the exploit and working with other players in the Web3 wallet space to uncover the truth.
Wallet Guard co-founder Ohm Shah, who has been closely following the situation, said that the MetaMask team has been diligently investigating the issue but has not yet found a definitive answer on how the exploit occurred. Shah speculated that a potential cause could be a leak of private keys or seed phrases, which are critical for accessing cryptocurrency wallets.
MetaMask reiterated that the 5,000 ETH stolen in the wallet draining operation were taken from various addresses across 11 blockchains, further emphasizing that the claim that the funds were hacked from MetaMask was incorrect.
Monahan, in her initial thread on the exploit, stated that the massive attack had been conducted in a way that was not yet understood, but she speculated that a significant amount of old data may have been obtained and used to extract the funds.
Mohahan had also originally claimed that the attacker was targeting long-time MetaMask users and employees specifically. However, Monahan later clarified that the exploit was not specific to MetaMask and that users of all wallets, including those created on hardware wallets, had been impacted.
The situation highlights the ongoing challenges and risks associated with cybersecurity in the cryptocurrency space. Despite the increasing adoption of blockchain technology and digital currencies, security vulnerabilities and exploits remain a persistent concern. It also underscores the need for constant vigilance and collaboration among industry players to identify and address vulnerabilities promptly and effectively.
As the investigation into the exploit continues, MetaMask and other stakeholders in the Web3 wallet space are working diligently to uncover the source of the vulnerability and take appropriate measures to safeguard user funds.
In the meantime, users are advised to remain cautious and practice good security hygiene, such as using strong and unique passwords, enabling multi-factor authentication, and keeping their wallets and software up-to-date with the latest security patches.
Additionally, it is crucial to rely on reputable sources for information and updates on security incidents and to exercise caution when interacting with unknown or suspicious entities in the cryptocurrency ecosystem