MetaMask denies wallet exploit allegations in $10.5m crypto hack
Crypto wallet provider MetaMask has pushed back against accusations that an exploit in its wallet led to a massive wallet-draining operation that siphoned off more than 5,000 ether.
The denial comes in response to a series of tweets by Taylor Monahan, founder of Ethereum (ETH) wallet manager MyCrypto, who claimed that an unidentified wallet-draining exploit had resulted in the loss of more than $10.5 million in cryptocurrencies and non-fungible tokens (NFTs) since December 2022.
In a statement released on April 18, MetaMask clarified that recent reports linking the loss of funds to a MetaMask exploit were incorrect. The company emphasized that the funds were stolen “from various addresses across 11 blockchains” and that the claim that the funds were hacked from MetaMask was false.
MetaMask’s security team is currently investigating the source of the exploit and is working with others across the Web3 wallet space, the company confirmed in a series of tweets.
Details of the hacker’s modus operandi
Monahan had initially claimed that the exploit was specifically targeting long-time MetaMask users and employees. However, she later stated that the exploit was not MetaMask-specific and that users of all wallets, including those created on a hardware wallet, had been impacted by the exploit.
According to Monahan, the hacker would commit a secondary heist in the hours following their original heist to obtain assets and dust that they had missed the first time. Large-scale thefts are carried out by converting assets into ETH within the victims’ wallets and then into Bitcoin via a controlled swapper. After a week, the crypto gets washed through a rugged crypto mixer to make it traceable.
Monahan further warned that the vulnerability was not a conventional phishing effort or the work of random crooks. Instead, it specifically targets individuals with expertise in protecting their digital assets. As a result, she encouraged anyone with investments linked to a single private key to transfer their money, divide up their assets, or get a hardware wallet.