Security of an encrypted wallet like MetaMask, worry due to recent events. MetaMask is in the cross-hairs of many users for its non-transparency in security matters. Vulnerability reports are increasing, without getting answers from the famous site. All these elements are preset and encourage the alarm bells for many analysts.
With such information, one could wonder if it is really sure to keep your cryptos on your MetaMask wallet. Knowing that it is the most popular wallet for Ethereum, one is entitled to wonder if a new attack could not affect the accounts of thousands of users again.
With the coming of “The Merge” on Ethereumit is possible to worry about a possible attack on the holders of the crypto.
The Solana hack causes tension in the crypto world
It is indeed the Solana’s recent hack will raise awareness on the security standards of the various crypto wallet services. SOL or USDC holders lost almost $6.6 million due to this attack. this targeted attack of Phantom and Fauna wallets thousands of users. An investigation is still underway to find out the exact reasons why this attack was successful. Recently, Zachxbt who defines himself as a detective on chain was able to trace the Binance wallet that participated in this attack. But it’s still impossible to know if this one hasn’t been compromised as well.
MetaMask leads the criticism
MetaMask is the most popular crypto wallet service when it comes to Ethereum. To reassure their customers, the latter announces that the teams in charge will carry out analyzes to strengthen the security of their portfolio.
but’MetaMask has also been independently audited by other experts. Its source code is also easily accessible on GitHub. According to them, MetaMask has the same security flaws that allowed hackers to compromise thousands of wallets on Phantom and Fana.
Despite recent statements from MetaMask, the latter seems to be still behind. He will have to go into overdrive if he wants to reassure and retain his customers in the coming months.
Giorgi Khazaradze, CEO of Aurox, regrets MetaMask’s irresponsibility. He says that the problem team does not respond to the reported information about the vulnerabilities of the site. The latter is working on a competing extension of MetaMask and intends to dismantle the juggernaut. But for now, MetaMask is still a huge success with almost 30 million users active monthly. This is a 42% increase if we compare these figures with the year 2021.
Giorgi Khazaradze reports that expansion could be hijacked
Khararadze thinks it is an HTML element can be used called an iframe to add a hidden app to a web page. MetaMask uses these iframes to allow connection to a decentralized application. But attackers can easily hijack the process. With this flaw, they could display various pop-ups on the user’s screen for example. The most accepted hypothesis would look like an NFT offeringwhere the user would have to log in to get it.
Part of the reason the flaw is so dangerous is how MetaMask works against it. If it detects a decentralized application on a website, it directly invites users to connect with it. This method is almost similar to the principle of clickjacking. MetaMask had already paid a heavy fine for this in June in the amount of $120,000.
This is not the first time that MetaMask has not responded to the injunctions of its peers. Alex Lupascu, the co-founder of Omnia had already warned about a major flaw in the extension, 5 months earlier. It seems this defect has not yet been corrected since it is still usable.
— Alex Lupascu oO (@alxlpsc) January 20, 2022
David Schwed thinks so anyway, no wallet is completely safe. The best solution is still to diversify your funds on different platforms. Therefore, the risks of losing everything are limited by concentrating the available capital in one place.
For him, the safest way to preserving your wallet means keeping your private key on secure hardware like a USB key for example. The best known are Ledger and Trezor.
for now, vigilance is required. Don’t fall for questionable online offers and thoroughly review your security settings.
To learn more about the Solana hack, visit our summary page by clicking here.