MetaMask denies that the $10 million wallet hack was a MetaMask exploit

Self-guarding MetaMask has denied claims by MyCrypto’s Taylor Monahan that the recent hack of multiple wallets was a MetaMask exploit.

According to the wallet provider, the attacker withdrew 5,000 Ethereum (ETH), worth about $10 million, from various addresses across 11 blockchains rather than just MetaMask users.

MyCrypto’s CEO steps back, saying the attack vector isn’t clear

It confirmed that its security team is working with other affected wallet service providers to determine the source of the attack.

metamask Answer Follows a Twitter thread by Taylor Monahan claiming that an attacker stole funds through a MetaMask-specific exploit that affected longtime users and MetaMask employees.

Monahan, CEO and co-founder of MyCrypto claims to have discovered an exploit for 5,000 ETH months in advance. The founder alleged that the attacker was “sending” (transactions) smaller “txns (transactions) via MetaMask”, draining encryption from old users and employees. I clarified later in the thread that the exploit was not platform-specific.

Monahan too Certain The hack also affected users of Ledger Live, MyCrypto, Trust and Exodus wallets. Earlier I speculated that the attack originated from a data leak.

Cryptocurrency wallets are software applications that hold private strings called keys that are used to transfer cryptocurrencies without an intermediary. MetaMask allows the user to hold and transfer ETH or any other ETH-based token.

Founder of SlowMist who specializes in Blockchain Security He said that the keys may have been part of a larger data breach and were only later discovered to be encryption keys.

On April 14, wallet developer ConsenSys confirmed a data breach affecting more than 7,000 users.

The hackers gained unauthorized access to a MetaMask customer service provider that sent phishing emails to users who contacted the service provider between August 2021 and February 2023.

The fraudulent emails required users to update KYC information, which resulted in economic losses for three customers. ConsenSys later confirmed that MetaMask itself was safe to use.

Prior to this, scammers sent spam emails to users through Namecheap’s compromised email service providers. The scam asked users for their recovery secret phrase, which is a string of words that users need to retrieve their private keys.

For a recent Be (In) Crypto Bitcoin (BTC) analysis, click here.


Adhering to the Trust Project’s guidelines, BeInCrypto is committed to providing unbiased and transparent reporting. This news article aims to provide accurate and timely information. However, readers are advised to independently check the facts and consult with a professional before making any decisions based on this content.

Leave a Reply

Your email address will not be published. Required fields are marked *