News

MetaMask Now Adds An Extra Step That Could Help Users Avoid Attacks

MetaMask Now Adds An Extra Step That Could Help Users Avoid Attacks

MetaMask released a new 10.18.0 update to the wallet this week, which includes a change to the way that the software presents a requested setApprovalForAll permission. Granting that permission allows the smart contract—the code that powers NFTs and decentralized apps—the ability to access and transfer out all NFTs and tokens in a wallet.

Following the update, as security firm Wallet Guard noted on Twitter, MetaMask now makes it clearer that a smart contract is requesting broad permissions, including access to any funds held within the wallet—a function that can be used for so-called “wallet drainer” exploits.

Screenshots posted to MetaMask’s GitHub software development repository show a new prompt that uses a larger font than the rest of the interface. The example text reads, “Give permission to access all of your BAYC?”, with an additional warning reading, “By granting permission, you are allowing the following account to access your funds.”

MetaMask Software Engineer Alex Donesky wrote on GitHub on June 22 that “there is some urgency to get something out there since this method is so commonly used.” He also added that the “timeline is compressed,” and admitted that it wasn’t how he would approach the change if there was more time to develop it.

Indeed, the update comes following a rash of scams that are primarily spread via hacked social media accounts. In the spring, verified accounts of numerous Twitter users were hijacked and used to share scam links inspired by prominent NFT projects like Azuki and Otherside, and steal the NFTs and tokens of users who unwittingly connected their wallets to the smart contracts.

More recently, the Twitter accounts of various NFT projects and notable collectors were hacked to share similar types of links, billing them as a free NFT or token drop. Such scams have taken place via hacked Discord and Instagram accounts as well. It has led to a debate over whether creators and projects should compensate users who lose assets via such scams.

To be clear, MetaMask’s update does not make any judgment call about the contract that users are attempting to connect to, and does not specifically call out identified scams. Furthermore, there are potentially legitimate uses for the setApprovalForAll function for certain dapps, such as on NFT marketplaces, which only further muddles the user decision.

We’ll see whether MetaMask takes this new feature further in future updates, as well as whether competing wallets will adopt similar techniques.

DISCLAIMER: The Information on this website is provided as general market commentary and does not constitute investment advice. We encourage you to do your own research before investing.

Join CoinCu Telegram to keep track of news: https://t.me/coincunews

Follow CoinCu Youtube Channel | Follow CoinCu Facebook page

Hazel

CoinCu News

Victor

Recent Posts

Best Cryptos with 1000X Potential: Qubetics Revolutionises Blockchain as Polkadot and Cosmos Shape the Future

Discover why Qubetics, Polkadot, and Cosmos are the best cryptos with 1000X potential, offering innovation,…

1 hour ago

Best Coins to Buy in December 2024: Qubetics Offer 630% ROI, Polkadot Delivers on Interoperability and Near Protocol’s Scalability is Talk of the Town

Explore the best coins to buy in December 2024—Qubetics with its thrilling presale, Polkadot’s interoperability,…

7 hours ago

Crypto Market Outlook 2025 Key Factors to Watch

The Crypto Market Outlook 2025 highlights key areas: stablecoin growth, tokenization, crypto ETFs, DeFi innovation,…

10 hours ago

Bitcoin Quantum Computing Threat Expected to Take Decades

The Bitcoin quantum computing threat is years away, but reserves already support post-quantum signatures via…

10 hours ago

Best New Meme Coins to Invest in Today: BTFD Coin Wows Investors with Unmissable Stage-7 Price Reversal as Book of Meme and Snek Crash

Don't miss BTFD Coin's Stage-7 presale dip! Find out why it's leading the pack of…

10 hours ago

Crypto Hedge Funds Banking Issues Persist Over Recent Years

A WSJ survey reveals crypto hedge funds banking issues over three years, with 120 out…

10 hours ago

This website uses cookies.