Security is important when dealing with cryptocurrencies. All transactions are final and investors should always take into account that not everyone out there on the internet is being honest. Decentralized finance is especially vulnerable since many smart contracts are at work and one single line of buggy code can expose millions. This explains why so many exploits have happened in the past with so many different protocols throughout several blockchains. However, the most recent incident cannot be attributed easily.

Is MetaMask exploitable and what should users do to stay safe?

An unknown exploit

Yesterday, the security researcher and MetaMask developer Taylor Monahan reported on Twitter that there is an unknown exploit that is targeting experienced users. What they had in common was a reasonably secure wallet setup which begged the question of how they lost their digital assets.

According to Monahan, over $10 million worth of coins, stablecoins, tokens, and NFTs were stolen since December 2022. He speculated on Twitter that this must be some sort of highly sophisticated exploit but could not provide conclusive evidence to support this theory.

While it appears that simple phishing scams could be excluded as a source, there is no guarantee that Monahan’s contacts were as cautious as he claims. Despite the doubts about his sources, there is still no satisfying answer to how these wallets got drained. One theory that Monahan took into account is that an attacker might have come across old data that was phished in past and now has to search through it to find all the private keys. This would explain why also wallets were drained that were created between 2014 and 2022.

MetaMask denies exploit

MetaMask took the report very seriously and reminded the public that this was not an exploit that is specific to MetaMask. Their team is also actively looking into the issue and is working with other companies and security researchers worldwide.

Monahan took also the opportunity to state specifically that this problem applies to several different wallets and is not a problem of MetaMask. Assets on 11 different blockchains were stolen by draining the affected wallets.

How to protect your crypto?

While there is still no answer to the question of how the attacker gained access to those wallets, there is a lot each user can do to stay safe. We have prepared specific articles for you to learn how to protect your crypto from phishing and how to safely navigate this space.

One way of dealing with the risks is simply trusting the LiteBit wallet because it is maintained and kept secure by professionals at all times. Of course, if you like to hold your crypto in self-custody you should opt for something else. Hardware wallets are still one of the best solutions since they require physical access. This prevents becoming a victim of most remote attacks other than phishing and social engineering.