MetaMask, the web3 wallet provider, has denied allegations that a “massive wallet-draining operation” was launched through an exploit of its wallet. The denial was issued after MetaMask developer Taylor Mohanan claimed that an attacker had been “sending” transactions through MetaMask and draining cryptocurrency from long-term users and employees. Mohanan later confirmed that the attack was not specific to MetaMask.
- The attack, described as “sophisticated”, was first discovered by Mohanan earlier this week. It reportedly resulted in the loss of over 5,000 ETH and an undetermined quantity of tokens and NFTs since December 2022.
- The attacker targeted “OGs who are reasonably secure”, according to Mohanan, who added that the exploit has yet to be identified.
- In a series of tweets, MetaMask confirmed that its platform had not been exploited. “This is not a MetaMask-specific exploit”, the company stated in a message to its users.
“Recent reporting on (Monahan’s) thread has incorrectly claimed that a massive wallet-draining operation is a result of a MetaMask exploit. This is incorrect. This is not a MetaMask-specific exploit.”
- MetaMask’s security team is currently working with affected wallet providers to locate the source of the attack.
- The attacker reportedly withdrew 5,000 ETH from different addresses across 11 blockchains, rather than only from MetaMask users.
- All of the victims’ wallet keys were created between 2014 and 2022.