MetaMask Now Adds An Extra Step That Could Help Users Avoid Attacks

MetaMask released a new 10.18.0 update to the wallet this week, which includes a change to the way that the software presents a requested setApprovalForAll permission. Granting that permission gives the smart contract—the code that powers NFTs and decentralized apps—the ability to access and transfer out all NFTs and tokens in a wallet.

Following the update, as security firm Wallet Guard noted on Twitter, MetaMask now makes it clearer that a smart contract is requesting broad permissions, including access to any funds held within the wallet—a function that can be used for so-called “wallet drainer” exploits.

Screenshots posted to MetaMask’s GitHub software development repository show a new prompt that uses a larger font than the rest of the interface. The example text reads, “Give permission to access all of your BAYC?”, with an additional warning reading, “By granting permission, you are allowing the following account to access your funds.”

MetaMask Software Engineer Alex Donesky wrote on GitHub on June 22 that “there is some urgency to get something out there since this method is so commonly used.” He also added that the “timeline is compressed,” and admitted that it wasn’t how he would approach the change if there was more time to develop it.

Indeed, the update comes following a rash of scams that are primarily spread via hacked social media accounts. In the spring, verified accounts of numerous Twitter users were hijacked and used to share scam links inspired by prominent NFT projects like Azuki and Otherside, and steal the NFTs and tokens of users who unwittingly connected their wallets to the smart contracts.

More recently, the Twitter accounts of various NFT projects and notable collectors were hacked to share similar types of links, billing them as a free NFT or token drop. Such scams have taken place via hacked Discord and Instagram accounts as well. It has led to a debate over whether creators and projects should compensate users who lose assets via such scams.

To be clear, MetaMask’s update does not make any judgment call about the contract that users are attempting to connect to, and does not specifically call out identified scams. Furthermore, there are potentially legitimate uses for the setApprovalForAll function for certain dapps, such as on NFT marketplaces, which only further muddles the user decision.
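The request that the new prompt surfaces can be recognised from a pending transaction's calldata alone. The sketch below is an added example, not MetaMask's code: it decodes a setApprovalForAll(address,bool) call and, like the prompt described above, states what is being granted without judging the operator. The function names, risk levels and sample addresses are constructed for illustration.

```javascript
// Added example (not MetaMask's implementation). Names and levels are hypothetical.
// 0xa22cb465 = first 4 bytes of keccak256("setApprovalForAll(address,bool)"),
// the operator-approval function defined by ERC-721 and ERC-1155.
const SET_APPROVAL_FOR_ALL = "a22cb465";

// Returns null if calldata is not a setApprovalForAll call, otherwise
// { malformed: true, reason } or { malformed: false, operator, approved }.
function decodeSetApprovalForAll(calldata) {
  if (typeof calldata !== "string") return null;
  const hex = calldata.toLowerCase().replace(/^0x/, "");
  if (!/^[0-9a-f]{8,}$/.test(hex)) return null;
  if (hex.slice(0, 8) !== SET_APPROVAL_FOR_ALL) return null;
  // Expect exactly two 32-byte ABI words after the selector.
  if (hex.length !== 8 + 2 * 64) return { malformed: true, reason: "bad argument length" };
  const operatorWord = hex.slice(8, 72);
  const approvedWord = hex.slice(72, 136);
  // An address occupies the low 20 bytes; the high 12 bytes must be zero.
  if (!operatorWord.startsWith("0".repeat(24))) return { malformed: true, reason: "dirty address padding" };
  // A bool is encoded as 0 or 1 in a full word.
  if (!/^0{63}[01]$/.test(approvedWord)) return { malformed: true, reason: "non-canonical bool" };
  return { malformed: false, operator: "0x" + operatorWord.slice(24), approved: approvedWord.endsWith("1") };
}

// Turns a pending transaction ({ to, data }) into a prompt decision.
// tx.to is the token contract (collection) the approval applies to.
function describeRequest(tx) {
  const d = decodeSetApprovalForAll(tx.data);
  if (d === null) return { level: "none", message: "not a setApprovalForAll call" };
  if (d.malformed) return { level: "block", message: `malformed approval call: ${d.reason}` };
  if (!d.approved) return { level: "info", message: `Revokes ${d.operator}'s access to your tokens in ${tx.to}` };
  return { level: "warn", message: `Gives ${d.operator} permission to transfer ALL of your tokens in ${tx.to}` };
}

// Constructed sample data: placeholder addresses, not real contracts.
const COLLECTION = "0x" + "11".repeat(20);
const OPERATOR = "0x" + "22".repeat(20);
const word = (h) => h.replace(/^0x/, "").padStart(64, "0");
const grantTx = { to: COLLECTION, data: "0x" + SET_APPROVAL_FOR_ALL + word(OPERATOR) + word("1") };
const revokeTx = { to: COLLECTION, data: "0x" + SET_APPROVAL_FOR_ALL + word(OPERATOR) + word("0") };

for (const tx of [grantTx, revokeTx]) console.log(describeRequest(tx));
```

The same selector with the bool set to 0 is how a previously granted operator approval is withdrawn, which is why the sketch reports that case at a lower level instead of warning on it.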

We’ll see whether MetaMask takes this new feature further in future updates, as well as whether competing wallets will adopt similar techniques.

Hazel

CoinCu News
