
MetaMask announced an update on 07/27/22. This update is critical because it will prevent "Wallet Drainer" attacks.

What is a Wallet Drainer

A Wallet Drainer is a way to attack a wallet through a smart contract: it links an NFT project with other wallets without obtaining the individual signature approval that each wallet requires.

The Wallet Drainer works as follows:

  • a fake NFT page shows an artificial countdown to create urgency
  • the victim connects their wallet
  • the program checks the wallet for valuable NFTs
  • the victim signs the transaction(s) that transfer ownership of the NFTs
  • the program fakes the "mint", and the transaction will not interact with the smart contract
  • the process repeats

Here is a technical explanation of how the program works, which comprehensively addresses the potential impact of this attack.

How MetaMask prevents such attacks

MetaMask adds an extra step in which the wallet asks for permission for all transactions, giving the user a way to stop a bundle of transactions from going through at once without the user's permission.

https://github.com/MetaMask/metamask-extension/pull/15010

You may think that is not a big deal, but it helps a lot of NFT projects prevent attacks on their users' valuable assets.
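The kind of pre-signature check that catches the "fake mint" step described above, as an added example (not MetaMask's code and not taken from the pull request): it decodes the calldata a site asks the wallet to sign and flags standard ERC-20/721/1155 calls that move tokens out of the wallet, and goes slightly beyond the transfers mentioned above by also flagging operator approvals. The helper name `reviewTx`, the risk labels and the sample addresses are assumptions made for illustration.

```javascript
// Added example: review the calldata a site asks the wallet to sign.
// Keys are the standard 4-byte selectors of ERC-20/721/1155 functions that
// approve an operator or move tokens.
const ASSET_MOVING = {
  "0xa22cb465": "setApprovalForAll(address,bool)",
  "0x095ea7b3": "approve(address,uint256)",
  "0x23b872dd": "transferFrom(address,address,uint256)",
  "0x42842e0e": "safeTransferFrom(address,address,uint256)",
  "0xb88d4fde": "safeTransferFrom(address,address,uint256,bytes)",
  "0xf242432a": "safeTransferFrom(address,address,uint256,uint256,bytes)",
  "0x2eb2c2d6": "safeBatchTransferFrom(address,address,uint256[],uint256[],bytes)",
};

// n-th 32-byte ABI word after the selector, and the address held in a word.
const word = (data, n) => data.slice(10 + 64 * n, 74 + 64 * n);
const asAddress = (w) => "0x" + w.slice(24);

// reviewTx is a hypothetical helper: tx is {to, data}, wallet is the user's address.
function reviewTx(tx, wallet) {
  const data = String(tx.data || "0x").toLowerCase();
  const fn = ASSET_MOVING[data.slice(0, 10)];
  if (!fn) return { risk: "none", fn: null };
  // Every listed function takes at least two words; shorter or non-hex calldata is suspect.
  if (!/^0x[0-9a-f]{136,}$/.test(data)) return { risk: "malformed", fn };
  if (fn.startsWith("setApprovalForAll")) {
    const granted = BigInt("0x" + word(data, 1)) !== 0n;
    return granted
      ? { risk: "high", fn, operator: asAddress(word(data, 0)) } // every token in the collection
      : { risk: "none", fn }; // approved=false revokes an operator
  }
  if (fn.startsWith("approve")) return { risk: "medium", fn, operator: asAddress(word(data, 0)) };
  // Transfer family: word 0 is `from`, word 1 is `to`.
  const from = asAddress(word(data, 0)), to = asAddress(word(data, 1));
  const leaving = from === wallet.toLowerCase() && to !== from;
  return { risk: leaving ? "high" : "low", fn, to };
}

// Constructed sample: a "mint" button that actually submits setApprovalForAll(operator, true).
const pad = (hex) => hex.replace(/^0x/, "").padStart(64, "0");
const WALLET = "0x" + "11".repeat(20);
const OPERATOR = "0x" + "22".repeat(20);
const fakeMint = { to: "0x" + "33".repeat(20), data: "0xa22cb465" + pad(OPERATOR) + pad("1") };
console.log(reviewTx(fakeMint, WALLET));
```

A result of `high` on a page that claims to be minting is the mismatch to stop on: a mint should not need an approval or a transfer out of your wallet.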

How to prevent the attack

Never click on links from unidentified sources.
Never click Google Ads for crypto services, instead go to the official website yourself.
Always use Two-Factor Authentication (2FA) when possible. Google Authenticator is free to use, so use it.

Also, double-check the website before ever connecting your wallet to a suspicious website.

