MetaMask Denies Wallet Exploit Linked To $10.5M Loss

MetaMask, a popular crypto wallet provider, has refuted allegations that an exploit in its wallet was responsible for the loss of over 5,000 ether worth more than $10.5 million in cryptocurrencies and non-fungible tokens (NFTs) since December 2022. The accusations were made by Taylor Monahan, founder of Ethereum (ETH) wallet manager MyCrypto, in a series of tweets.

Multi-chain Wallet Theft

In response to these allegations, MetaMask released a statement on April 18 denying that the loss of funds was due to a MetaMask exploit. The company clarified that the funds were stolen “from various addresses across 11 blockchains” and that the claim that the funds were hacked from MetaMask was false. MetaMask’s security team is currently investigating the source of the exploit and is collaborating with others across the Web3 wallet space.

Initially, Monahan claimed that the exploit was specifically targeting long-time MetaMask users and employees. However, she later stated that the exploit was not MetaMask-specific and that users of all wallets, including those created on a hardware wallet, had been impacted by the exploit.


Multiple Heists

According to Monahan, the hacker would carry out a secondary heist in the hours following their initial heist to obtain assets and dust that they had missed the first time. Large-scale thefts are executed by converting assets into ETH within the victims’ wallets and then into Bitcoin via a controlled swapper. After a week, the crypto is washed through a rugged crypto mixer to make it traceable.

Monahan further warned that the vulnerability was not a conventional phishing effort or the work of random crooks. Instead, it specifically targets individuals with expertise in protecting their digital assets. As a result, she encouraged anyone with investments linked to a single private key to transfer their money, divide up their assets, or get a hardware wallet.

The allegations made by Monahan have caused concern among crypto investors. However, MetaMask’s response has helped to allay some fears. The fact that the exploit is not MetaMask-specific suggests that it may be more difficult to target individual wallets, and users of all wallets will need to be vigilant. As the investigation continues, investors are advised to take precautions to protect their digital assets.