Global blockchain supervision and query platform

English
Download
Home Exchange Project Token Review News Market Field Survey WikiEXPO Education Forum Live Big Data Announcement Calendar Newsletter Community
Your Location:   Home >
News >
Main body

Trader’s Lesson: Why You Shouldn’t Keep Large Amounts of Crypto in MetaMask

Trader’s Lesson: Why You Shouldn’t Keep Large Amounts of Crypto in MetaMask WikiBit 2021-02-23 11:54

While most of the crypto world was enjoying new all-time highs this past weekend, popular crypto trader under the Twitter pseudonym notsofast went through a personal crypto nightmare as his Metamask hot wallet was compromised in a security breach. Even though the trader reacted quickly and spent twelve hours dealing with the attack, the thieves still managed to snatch more than ETH 46 (USD 74,000), USD 34,000 worth of altcoins, and even his notsofast.eth domain.

While most of the crypto world was enjoying new all-time highs this past weekend, popular crypto trader under the Twitter pseudonym notsofast went through a personal crypto nightmare as his Metamask hot wallet was compromised in a security breach. Even though the trader reacted quickly and spent twelve hours dealing with the attack, the thieves still managed to snatch more than ETH 46 (USD 74,000), USD 34,000 worth of altcoins, and even his notsofast.eth domain.

The trader tweeted that he is not sure how the hack happened but a potential attack vector was MetaMask‘s feature of storing the wallet’s private key in the browsers cache, which is accessible to any open tab.

The trader refused any donations and compensation funds from the community and urged everyone to get a password manager and a hardware wallet.

He also stressed the importance of account segregation, saying that traders should create new browser profiles for each WEB 3.0 wallet type they use, and run nothing else in those accounts. Ideally, one should use a separate computer or device that is used for crypto transactions and nothing else, he said in a tweet.

Developer and consultant Udi Wertheimer also weighed in, warning that if you use the Metamask browser extension, it is probably the weakest link in your security plan.‘’ He added:

“If you MUST use it, buy a Chromebook and a hardware wallet and use them STRICTLY for Metamask.”

According to him, while a Chromebook limits what can be installed on ones computer, it still allows installation for potentially malicious browser plugins, so one must beware of installing them.

Wertheimer explained that even if you use a hardware wallet for interacting with Metamask, it is still a high-risk operation because of the way it handles approvals. As such, the best way to avoid issues in the future is to limit the amount of funds kept in hot wallets and compartmentalize accounts to limit the damage from exploits. He added:

“For most people, it‘s probably safer to use a mobile phone ETH wallet instead of a clean laptop + hardware wallet combo. This is far from perfect too but it’s not as ridiculously weak as the Metamask browser extension is.”

Disclaimer:

The views in this article only represent the author's personal views, and do not constitute investment advice on this platform. This platform does not guarantee the accuracy, completeness and timeliness of the information in the article, and will not be liable for any loss caused by the use of or reliance on the information in the article.

MetaMask

WikiBit Exchange

  • Token conversion
  • Exchange rate conversion
  • Calculation for foreign exchange purchasing
/
PC(S)
Current Rate
Available

0.00

You may also like