MetaMask rejects claims of wallet exploit in ‘massive’ $10M hack.
MetaMask, a provider of cryptocurrency wallets, has refuted claims that an exploit in its wallet was the cause of a “massive wallet-draining operation” in which over 5,000 ETH were stolen.
Since December 2022, an unidentified wallet-draining exploit has taken over $10.5 million in crypto and nonfungible tokens (NFTs), according to a series of tweets posted on April 17 by Taylor Monahan, the founder of Ethereum wallet manager MyCrypto. Monahan explained that an unknown wallet-draining exploit had stolen over $10.5 million in crypto and NFTs.
MetaMask stated that some recent reports on Monahan’s thread are incorrect in suggesting that a MetaMask exploit is responsible for a large-scale wallet-draining operation.
“This is not the case. This is not a MetaMask-specific vulnerability,” the advisory continued.
The wallet provider stated that the 5,000 ETH was taken from “various addresses across eleven blockchains,” reiterating that the claim that funds were stolen from MetaMask “is false.”
Ohm Shah, the co-founder of Wallet Guard, told Cointelegraph that the MetaMask team has “exhaustively researched” the matter, but “there is no definitive explanation for how this has occurred.”
“Numerous independent security researchers are investigating this as well,” Shah stated.
According to his speculation, it was plausible that there had been “some sort of private key or seed phrase leak.”
In a recent set of tweets, MetaMask confirmed that its security team was looking into where the exploit came from and “collaborating with others across the Web3 wallet space.”
Monahan mentioned in her discussion about the exploit that the method used to execute this extensive attack is still unknown, but her “best assumption” is that a significant amount of outdated data was acquired and utilized to withdraw the funds.
Initially, she also claimed that the perpetrator used MetaMask to drain longtime MetaMask users and employees.
Monahan subsequently remarked that the vulnerability is not exclusive to MetaMask, and that individuals who use any kind of wallet, including those that are established on a hardware wallet, have experienced its impact.