logo
Write
xuanling11eth.id.stx

Jul 282 min read

MetaMask Ethereum Wallet update to prevent scams

If you enjoy reading my articles, buy me a coffee here.

MetaMask just announced its update on 07/27/22. This update is critical because it will prevent "Wallet Drainer".

https://twitter.com/wallet_guard/status/1552329047836966915

What is Wallet Drainer

Wallet Drainer is a way to attack the wallet that, through the smart contract and links NFT project with other wallets without admitting approval from the individual signature required to each wallet.

https://twitter.com/TheOnlyNom/status/1552521385796423680

How the Wallet Drainer works are following:

  • fake NFT page with an artificial countdown to create urgency

  • victim connects wallet

  • the program will check valuable of NFTs

  • victim active the signature to transaction(s) to transfer ownership of NFTs

  • program fake the "mint" and transaction will not interact with the smart contract

  • the process repetitive

Here is how technically the program works and comprehensively addresses the potential impact of this attack. 

https://www.youtube.com/watch?v=557VCDJG1mk

How MetaMask prevents such attack

https://www.youtube.com/watch?v=P_7hpr5GSrw

With an extra step to allow the wallet to get permission for all transactions, the user has a way to stop a bundle of transactions at once without permission allow from the user side.

https://github.com/MetaMask/metamask-extension/pull/15010

You may think that is no a big deal but it saves a lot of NFTs project to prevent attacking users valuable assets.

How to prevent the attack

https://dappradar.com/blog/how-to-prevent-scammers-from-draining-your-wallet

  • Never click on links from unidentified sources.

  • Never click Google Ads for crypto services, instead go to the official website yourself.

  • Always use Two-Factor Authentication (2FA) when possible. Google Authenticator is free to use, so use it.

Also, double-check the website before connecting your wallet to the suspective website.

If you enjoy reading my articles, buy me a coffee here.

Photo by Georgi Dyulgerov on Unsplash

Share this story

Powered by Logo Sigle