- Over $1 billion have been stolen in crypto hacks this year.
- Now, MetaMask has deployed a new feature to prevent users from being conned by phishing attacks.
- However, MetaMask warns that cybercriminals will continue to develop new ways to steal from victims.
When billionaire entrepreneur Mark Cuban lost almost $1 million in crypto to a suspected phishing scam in September, he said: “I’m pretty sure I downloaded a version of MetaMask with some shit in it.”
He told DL News at the time that he guessed he had clicked a malicious link on a Google ad.
Now, crypto wallet provider MetaMask has rolled out a new feature to prevent other users from falling victim to similar scams.
MetaMask on Tuesday launched the experimental feature in partnership with web3 security outfit Blockaid. Blockaid raised $27 million from investors including MetaMask to protect crypto users from hacks.
MetaMask and Blockaid say the feature may help curb the efforts of hackers who steal billions of US dollars in crypto assets every year.
Barbara Schorchit, senior product owner at MetaMask, told DL News that both partners are aware that wallet security must respond and adapt to new attack vectors.
“We have built an update mechanism for the security alerts feature that allows us to incorporate newly available data to the privacy-preserving module without requiring a new MetaMask release,” Schorchit said.
Wallet security features also run into the problem of false positives — where legitimate contract interactions are flagged as malicious.
Schorchit said project teams will have easy access to report such incidents for correction.
This new feature added to MetaMask’s security comes amid $1 billion in losses from crypto hacks in 2023, according to DefiLlama data.
While this number is down from the $3 billion recorded last year, there have been more incidents in 2023 than in 2022.
These heists have led to calls for a higher digital safety standard in the industry as well as regulatory clarity.
How MetaMask’s feature prevents scams
MetaMask said the new feature detects and flags malicious decentralised apps, or dApps, and smart contract interactions capable of draining funds from victims’ wallets.
MetaMask users with the feature enabled on their wallets will receive alerts and warnings if they are redirected to malicious dApps after clicking on phishing links.
These malicious dApps are a popular attack vector for cybercriminals who target victims with phishing links.
Phishing in the crypto space is a type of attack designed to trick users into revealing information like private keys and seed phrases needed to access and steal funds from the victim’s cryptocurrency wallets.
Hackers accomplish this goal by means of malicious links embedded into websites, tweets, emails, and any other medium that can be used to entice a potential victim.
One crypto whale — a colloquial term for someone who owns millions of dollars’ worth of cryptocurrencies — lost $24 million in a phishing attack last month.
Other victims have also lost expensive NFTs and other crypto valuables to phishing scams over the years.
Blockaid says its detection capabilities have already been tested in real-life situations.
During these tests, the detection feature saved users from losing funds when scammers compromised Ethereum co-creator Vitalik Buterin’s X, formerly Twitter, account in September, Blockaid said.
This particular attack resulted in the theft of over $700,000 in crypto assets.
Blockaid’s detection service is not the only one of its kind in the industry.
The security outfit, however, says it’s the first offering to not require users to provide data to third-party services to safeguard their wallets.