Robert Steinadler, a month ago

A mysterious wallet exploit concerns security researchers

Security is important when dealing with cryptocurrencies. All transactions are final and investors should always take into account that not everyone out there on the internet is being honest. Decentralized finance is especially vulnerable since many smart contracts are at work and one single line of buggy code can expose millions. This explains why so many exploits have happened in the past with so many different protocols throughout several blockchains. However, the most recent incident cannot be attributed easily.

Is MetaMask exploitable and what should users do to stay safe?

An unknown exploit

Yesterday, the security researcher and MetaMask developer Taylor Monahan reported on Twitter that there is an unknown exploit that is targeting experienced users. What they had in common was a reasonably secure wallet setup which begged the question of how they lost their digital assets.

According to Monahan, over $10 million worth of coins, stablecoins, tokens, and NFTs were stolen since December 2022. He speculated on Twitter that this must be some sort of highly sophisticated exploit but could not provide conclusive evidence to support this theory.

While it appears that simple phishing scams could be excluded as a source, there is no guarantee that Monahan’s contacts were as cautious as he claims. Despite the doubts about his sources, there is still no satisfying answer to how these wallets got drained. One theory that Monahan took into account is that an attacker might have come across old data that was phished in past and now has to search through it to find all the private keys. This would explain why also wallets were drained that were created between 2014 and 2022.

MetaMask denies exploit

MetaMask took the report very seriously and reminded the public that this was not an exploit that is specific to MetaMask. Their team is also actively looking into the issue and is working with other companies and security researchers worldwide.

Monahan took also the opportunity to state specifically that this problem applies to several different wallets and is not a problem of MetaMask. Assets on 11 different blockchains were stolen by draining the affected wallets.

How to protect your crypto?

While there is still no answer to the question of how the attacker gained access to those wallets, there is a lot each user can do to stay safe. We have prepared specific articles for you to learn how to protect your crypto from phishing and how to safely navigate this space.

One way of dealing with the risks is simply trusting the LiteBit wallet because it is maintained and kept secure by professionals at all times. Of course, if you like to hold your crypto in self-custody you should opt for something else. Hardware wallets are still one of the best solutions since they require physical access. This prevents becoming a victim of most remote attacks other than phishing and social engineering.

Featured articles
Four trading strategies for crypto
Bitcoin and Ethereum: what are the differences?
What determines the Bitcoin price?
Related articles
Sharing Shards: Ledger Recover sparks controversy

May 16, 2023

Creating reliable backups of one’s hardware wallets is perhaps the most important thing. This is usually done by writing down a so-called seed phrase consisting of 24 words. Losing this recovery phase means losing access to the wallet if it is lost or physically damaged. A couple of methods are available to ensure the seed is kept safe. Some users go so far as to engrave them in steel plates to make them fire and waterproof. 

Trade anytime, anywhere

Boost your trading impact and reaction time in over 80+ cryptocurrencies via instant access to your portfolio with the LiteBit app.

App Store
Google Play Store
  • 2525 Ventures B.V.
  • 3014 DA Rotterdam
  • The Netherlands
More info
  • About LiteBit
  • Support
  • Sell
  • News
  • Education
Subscribe for updates

Sign up to stay informed via our email updates

Explore popular coins
© 2023 LiteBit - All rights reserved