News

MetaMask Now Adds An Extra Step That Could Help Users Avoid Attacks

MetaMask Now Adds An Extra Step That Could Help Users Avoid Attacks

MetaMask released a new 10.18.0 update to the wallet this week, which includes a change to the way that the software presents a requested setApprovalForAll permission. Granting that permission allows the smart contract—the code that powers NFTs and decentralized apps—the ability to access and transfer out all NFTs and tokens in a wallet.

Following the update, as security firm Wallet Guard noted on Twitter, MetaMask now makes it clearer that a smart contract is requesting broad permissions, including access to any funds held within the wallet—a function that can be used for so-called “wallet drainer” exploits.

Screenshots posted to MetaMask’s GitHub software development repository show a new prompt that uses a larger font than the rest of the interface. The example text reads, “Give permission to access all of your BAYC?”, with an additional warning reading, “By granting permission, you are allowing the following account to access your funds.”

MetaMask Software Engineer Alex Donesky wrote on GitHub on June 22 that “there is some urgency to get something out there since this method is so commonly used.” He also added that the “timeline is compressed,” and admitted that it wasn’t how he would approach the change if there was more time to develop it.

Indeed, the update comes following a rash of scams that are primarily spread via hacked social media accounts. In the spring, verified accounts of numerous Twitter users were hijacked and used to share scam links inspired by prominent NFT projects like Azuki and Otherside, and steal the NFTs and tokens of users who unwittingly connected their wallets to the smart contracts.

More recently, the Twitter accounts of various NFT projects and notable collectors were hacked to share similar types of links, billing them as a free NFT or token drop. Such scams have taken place via hacked Discord and Instagram accounts as well. It has led to a debate over whether creators and projects should compensate users who lose assets via such scams.

To be clear, MetaMask’s update does not make any judgment call about the contract that users are attempting to connect to, and does not specifically call out identified scams. Furthermore, there are potentially legitimate uses for the setApprovalForAll function for certain dapps, such as on NFT marketplaces, which only further muddles the user decision.

We’ll see whether MetaMask takes this new feature further in future updates, as well as whether competing wallets will adopt similar techniques.

DISCLAIMER: The Information on this website is provided as general market commentary and does not constitute investment advice. We encourage you to do your own research before investing.

Join CoinCu Telegram to keep track of news: https://t.me/coincunews

Follow CoinCu Youtube Channel | Follow CoinCu Facebook page

Hazel

CoinCu News

Victor

Recent Posts

Best Altcoins to Buy Today: Qubetics Rides 1000x Potential to Hit $2.6M, Ethereum Stays Rangebound, Tron USDT Transactions Hit $52B

Discover the best cryptos to buy and hold today: Qubetics leads with 1000x potential, Ethereum…

1 hour ago

Trump Media Company Is Pushing New Venture For Crypto Service

With the platform facing a cracked whip, Trump Media company is expanding into new business…

2 hours ago

Crypto Advisory Council Now A White House Position Attracting Leaders

Major crypto firms, including Ripple, Kraken, and Circle, are competing for spots on President-elect Donald…

3 hours ago

Analyst Sounds Major Breakout Alert Amid Shiba Inu, WallitIQ, And Dogecoin Price Recoveries

Analysts highlight a breakout alert as Shiba Inu (SHIB), and Dogecoin show signs of recovery…

3 hours ago

SEC Chair Gary Gensler Will Lose Power From January 20

SEC Chair Gary Gensler will step down on January 20, 2025, coinciding with President-elect Donald…

3 hours ago

MicroStrategy Convertible Notes Now Out of Stock With $3B Raised

The MicroStrategy convertible notes offering, initially set at $1.75 billion, was increased to $2.6 billion…

4 hours ago

This website uses cookies.