ConsenSys Assessing Security Breaches Targeting 7000 MetaMask Users
The New-York based blockchain company has issued a report disclosing the security breaches affecting 7000 MetaMask users. The April 14 report stated that the malicious attack launched by unscrupulous players who aimed at manipulating the support team. The ConsenSys team noted that the attacks had minimal impact on the MetaMask platform.
The report mentioned that the first incidence of suspicious activities on the MetaMask platform was observed in late 2021. The hackers purporting to be MetaMasks’ third-party support team, gained access to customers’ confidential data, including email and private keys.
Overview of ConsenSys Report
The ConsenSys report revealed that the hackers have been eying the MetaMask support team since they are responsible for developing user support tickets. The report demonstrated that the customers who engaged the “fraudulent” MetaMask support team were at high risk of a security violation.
The customers support mechanism implemented by the hackers was against Metamask’s standard operating procedures (SoP). Undeniably, the MetaMask customer service platforms have integrated an application where the user can provide any additional information.
The user interface required the customers to disclose primary personal data only such as names and account details. On the contrary, the fake MetaMask user platform requested that customers to provide extra financial reports along with other personal data.
The ConsenSys report mentioned that over 7000 customers fell for the hacker trap. Though out of the 7000 users’ hackers only drained substantial money from three MetaMask wallets. It was reported that the MetaMask team has addressed the hacking activity.
An official announcement from a MetaMask spokesperson revealed that the crypto firm has been probing the matter since 2021. The investigation were conducted in phases.
Initially, the MetaMask team started by gathering supporting evidence concerning the hack. The spokesperson stated that the data collection process was crucial to enable the MetaMask team to make informed decisions on improving system security.
He stated that the investigation also involved the forensic team in examining the nature of the exploit. Afterward, the ConsenSys team conducted a comprehensive investigation to evaluate the hack damages and develop a solid solution.
The investigation’s findings were shared with the Ireland data protection commission. A similar report was presented to the information commissioner’s office in the UK.
MetaMask Preventive Measures
In addition, the spokesperson confessed that the MetaMask team would take cautious measures to prevent the recurrence of such incidence. He confirmed that the MetaMask wallet is secure and that investors can execute their transactions effortlessly.
In the meantime, MetaMask users are urged to utilize the application since it does not require the disclosure of personal information. The users are requested to be more vigilant when accessing the platform and other online services.
According to ConsenSys report high cases of cyber-related crimes, including crypto theft and ransomware, have compelled the MetaMask group to issue early warnings to their customers.
In a study by the Kaspersky Lab, phishing attacks jumped by 40% in the previous year. With the rise of phishing attacks, the MetaMask group has warned users from sharing their sensitive information, including the seed phrase, private keys, and passwords.
Before the notification, MetaMask requested the users to avoid clicking on any suspicious link that might be shared by outsiders purporting to work at the crypto firm. Furthermore, when contacting MetaMask customer service, the users are encouraged to withhold disclosing some confidential information.