MetaMask Denies Alleged $10m $ETH Exploit

Web3 wallet developer MetaMask has issued statements refuting claims that an exploit on its wallet has led to a "massive wallet-draining operation" resulting in the theft of over 5,000 in $ETH worth roughly $10 million based on current prices.

The allegation surfaced in a series of tweets by Taylor Monahan, the founder of Ethereum wallet manager MyCrypto, on April 17. Monahan explained that an unidentified wallet-draining exploit had reportedly stolen over $10.5 million in cryptocurrency and nonfungible tokens (NFTs) since December 2022.

Responding to the claims made on April 18, MetaMask asserted that the reports were incorrect, and that the wallet-draining operation was not a MetaMask-specific exploit. The wallet provider further stated that the 5,000 ETH had been stolen from various addresses across 11 blockchains, emphasizing the inaccuracy of the claim that the funds were hacked from MetaMask.

Recent reporting on @tayvano_’s thread has incorrectly claimed that a massive wallet draining operation is a result of a MetaMask exploit.

This is incorrect. This is not a MetaMask-specific exploit. https://t.co/MiJ3QgslMy

— MetaMask 🦊💙 (@MetaMask) April 18, 2023

Ohm Shah, co-founder of Wallet Guard, a web3 security extension that provides transaction simulation and proactive phishing detection, spoke about the efforts that MetaMask's security division has been sustaining to investigate the matterr. Shah says that there has been “no solid answer to how this [exploit] has happened." Shah also said that independent security researchers across the Web3 industry have also been working on the problem, adding that it was highly possible that the breach was due to a private key or seed phrase leak.

Recent coverage on MetaMask has detailed how the Web3 wallet is now integrated with Unity. MetaMask has also launched a new fiat on-ramp feature on its wallet. The platform also has an ongoing Web3 education initiative. In December 2022, CryptoDaily reported concerns over the collection of user IP addresses on the Web3 wallet.

MetaMask confirmed in a series of tweets that its security team has been actively researching the source of the exploit and collaborating with others in the Web3 wallet space. In her previous Twitter thread discussing the exploit, Monahan noted that the exact method of this massive attack remained unknown. She guessed that old data had been obtained and used to extract the funds.

Monahan initially claimed that the attacker was targeting long-time MetaMask users and employees by exploiting MetaMask. However, she later clarified that the exploit was not specific to MetaMask and had impacted users of various wallets, including those created on hardware wallets.

As further investigations by Web3 security researchers on the alleged wallet-draining operation continue, it is advisable for the the crypto and web3 user community to remain vigilant and closely follow developments in the case. The outcome may have broad implications for wallet providers and their security measures to protect users' funds and digital assets from similar attacks in the future. CryptoDaily will update this article as further details surface.

Disclaimer: This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice. This story is currently developing and CryptoDaily will provide diligence to update this article with relevant information once available and as the matter unfolds.