Can MetaMask Be Hacked?

‘MetaMask is probably the most convenient and popular way to interact with dapps on the Ethereum network.’

MetaMask can be used for all ERC-20 tokens and ETH.
For many dapps, as long as you are logged in to your MetaMask account, you can access them automatically through your browser.
If you are logged in to your MetaMask account, an attacker can view your wallet address, balances, tokens and transaction history, information that can be used to craft phishing attacks.

With the help of blockchain explorers such as Etherscan or Ethplorer, you can use your wallet address to look up the details of the transactions you make.

Importantly, MetaMask is working on patches for such shortcomings so that users can use it with popular Ethereum clients without security problems.

On September 24, 2017, a malicious code injection allowed a hacker to steal private keys from multiple victims’ wallets and then manually empty those wallets.

When you use EtherDelta, you “trust” the private key of your wallet (which gives anyone who holds it the ability to withdraw money from your wallet) to your browser session, and you “trust” your money to the EtherDelta smart contract.

‘Someone could inject a code into the real EtherDelta that “sniffs” the private keys of a browser session, giving them unlimited access to your wallet.’

Moving your private key from MetaMask to MyEtherWallet allows you to view your ether wallet (including tokens), which then allows you to move your tokens elsewhere, such as to an exchange where you can trade them.

MetaMask is your “Hot Wallet”

MetaMask is another hot wallet: the computer you access it from is connected to the internet.
If a hacker has connected to your computer in some way, you should log in to your MetaMask wallet by entering your password, as long as you have set a password.
Hot wallets are used while connected to the internet, which means that they are remotely accessible to hackers and their keys can be stolen.

Paul Bouchon, a MetaMask developer, admits: “There is a huge mistake, because each page on which a user browses has access to all his transaction history and much other relevant information.”
While MetaMask has solved a privacy problem, announcing a new mobile wallet could open up another.
Since MetaMask users do not operate their own node, Infura must interact with the Ethereum blockchain on their behalf.
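
The exposure described in the quote above, and the per-site approval model (EIP-1102, `eth_requestAccounts`) that closes it, can be modelled in a few lines. This is an added example, not MetaMask's code: the `ToyWalletProvider` class, its options, the `exposureReport` helper and the sample address and site names are constructed for illustration.

```javascript
// Toy wallet provider (illustration only, not MetaMask's code).
class ToyWalletProvider {
  constructor({ accounts, legacyExposure, askUser }) {
    this.accounts = accounts;             // constructed sample addresses
    this.legacyExposure = legacyExposure; // true: every page sees the accounts
    this.askUser = askUser;               // hypothetical stand-in for the approval popup
    this.approvedOrigins = new Set();
    this.locked = false;
  }
  lock() { this.locked = true; }

  // Accounts are visible only while unlocked, and only to permitted origins.
  visibleTo(origin) {
    if (this.locked) return false;
    return this.legacyExposure || this.approvedOrigins.has(origin);
  }

  // `origin` is set by the wallet from the calling page, never by the page itself.
  request(origin, { method }) {
    if (method === "eth_accounts") {
      // Silent query: no prompt, empty list if the page has no permission.
      return this.visibleTo(origin) ? [...this.accounts] : [];
    }
    if (method === "eth_requestAccounts") {
      // User interaction is needed if the wallet is locked or the site is new.
      if (this.locked || !this.approvedOrigins.has(origin)) {
        if (!this.askUser(origin)) {
          throw Object.assign(new Error("User rejected the request"), { code: 4001 });
        }
        this.approvedOrigins.add(origin);
        this.locked = false;
      }
      return [...this.accounts];
    }
    throw Object.assign(new Error("Unsupported method"), { code: 4200 });
  }
}

// How many accounts each site learns from a silent eth_accounts call.
function exposureReport(provider, origins) {
  return Object.fromEntries(
    origins.map((o) => [o, provider.request(o, { method: "eth_accounts" }).length])
  );
}

const SAMPLE = ["0x" + "ab".repeat(20)]; // constructed address
const SITES = ["https://dex.example", "https://news.example"];
const legacy = new ToyWalletProvider({ accounts: SAMPLE, legacyExposure: true, askUser: () => false });
console.log(exposureReport(legacy, SITES));
```

With `legacyExposure: false`, the same report shows zero accounts for every site until the user approves that site, and zero again for all sites once the wallet is locked.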

MetaMask is stored in the user’s browser, not on remote servers.
Your browser will not have access to your private keys, but it can collect information about when and how you use the application.
When using MetaMask, use only one tab at a time to trade, and lock the wallet when you are not using it.
For beginners, it’s a great introduction to the blockchain because you’ll use a browser that you’ll feel comfortable with.
A dApp that is often used with MetaMask is MyEtherWallet; another is Blockonix.

Although MyEtherWallet is a wallet that functions like MetaMask, it also serves as a full node.
MetaMask was created as a lightweight wallet that allows users to interact with the Ethereum blockchain without running a full node.
Although MetaMask does not have access to your information, the browser you use does.

If you decide to use MyEtherWallet or other dApps like Blockonix, we recommend that you use them with a hardware wallet rather than a web wallet like MetaMask.


