Scam Alert: MetaMask Wallet Discovers Critical Security Vulnerability

Scams related to crypto wallet and gateway MetaMask are on the rise amid developments including the Ethereum Merge and Cardano’s Vasil hard fork. The scam Twitter account “@MetaMaskUpdates” on Wednesday warned users about a critical security issue with the MetaMask protocol. It claims the security issue allows attackers to withdraw assets from any user’s wallet without a password or recovery phrase. Also, it advised users to immediately update MetaMask to mitigate issues and secure their funds.

MetaMask Scam on Critical Security Issue

The scam Twitter account uses the name of Jen Luker, security project manager of MetaMask Wallet, to warn users about the critical security issue faced by the protocol. It claims users failing to update the MetaMask app or web software risks losing all assets on their MetaMask wallet.

CoinGape team discovered that the fake Twitter account has 22.2K Twitter followers and retweeted several tweets from the original MetaMask’s Twitter account. The link mentioned on the Twitter account and the website has security risks and misspellings. Also, links on the website are found to be broken. Users are recommended to be alert.

It makes users believe that MetaMask received over 50,000 individual complaints reporting assets, coins, and NFTs stolen from their wallets. Users, including MetaMask employees, reported a widespread breach in the MetaMask protocol.

“Earlier this month, we were made aware of an exploit which enables bad actors to abuse MetaMask’s identification protocol and withdraw all assets from user wallets without having any access to their password or recovery phrase.”

The scam also detailed how attackers misused two functions within the MetaMask extension code to withdraw any MetaMask user’s assets. However, the security team has developed an update to patch this critical vulnerability. As attackers are actively exploiting the issue, all users are required to immediately update their MetaMask extensions.

Rising Scams Amid Important Crypto Developments

Scams seem to have increased amid the Ethereum Merge and Cardano’s Vasil hard fork updates. Blockchain security platform PeckShieldAlert has also warned users about a MetaMask airdrop scam on September 22.

Recently, Indian crypto exchange CoinDCX’s Twitter account was compromised and exploiters shared links to a fraudulent XRP Giveaway. It happened as the XRP price skyrocketed amid rising positive sentiments regarding Ripple’s win against the SEC.