MetaMask Rejects Claims of a $10 million MetaMask-specific Wallet Draining Exploit

The most popular cryptocurrency wallet, MetaMask (MM), has rejected the claims that a recently discovered $10 million wallet-draining exploit was a MetaMask-specific exploit.

On Tuesday, April 18, Taylor Monahan, a MetaMask developer & the founder of Ethereum wallet manager MyCrypto, unmasked an unidentified wallet-draining exploit that has taken more than $10.5 million in non-fungible tokens (NFTs) and coins since December 2022, mostly from experienced MM users. According to the developer, the exploit mainly concentrates on MM and MM users.

Leaked Keys, Not an Exploit

In her reporting, Taylor Monahan said that at least 5,000 Ether (ETH) had been stolen across 11 chains, but also noted that the extent of the losses has not yet been determined. The root cause is also yet to be determined.

Her tweet reads:

“For the past 48hrs, I’ve been unwinding a massive wallet-draining operation. I don’t know how big it is, but since Dec 2022, it’s drained 5000+ ETH and ??? in tokens / NFTs / coins across 11+ chains. Its rekt my friends & OGs who are reasonably secure. No one knows how.”

If you are reading this, you're the type to be drained by this.

This is NOT a low-brow phishing site or a random scammer. It has NOT rekt a single noob. It ONLY rekts OGs.

If you have all your stuff under a single Secret Recovery Phrase / Private Key, please be safe migrate. 🙏 pic.twitter.com/o50pcBaUWT

— Tay 💖 (@tayvano_) April 18, 2023

Monahan discovered that this four-month-long wallet-draining operation is not “a low-brow phishing site or a random scammer.” The perpetrator does not target newbies but rather steals from crypto native users, and most drained addresses were created between 2014 and 2022.

She speculates that the hacker has gotten his hands on leaked private keys and is now draining them. The developer highlighted that the most affected people are MM employees and MM users. This may lead many to believe that the incident was a MetaMask-specific exploit.

She later clarified that this was not an MM-specific incident. Many other wallets and hardware wallets had also been impacted. However, MetaMask quickly responded to the report to deny claims that this massive wallet-draining operation resulted from a MetaMask exploit.

Recent reporting on @tayvano_’s thread has incorrectly claimed that a massive wallet draining operation is a result of a MetaMask exploit.

This is incorrect. This is not a MetaMask-specific exploit. https://t.co/MiJ3QgslMy

— MetaMask 🦊💙 (@MetaMask) April 18, 2023

MetaMask team further noted that not all stolen 5,000 ETHs were from MM wallets. They said:

“Additionally, the claim that 5,000 ETH was hacked from MetaMask is incorrect. Data shows 5,000 ETH was stolen from various addresses across 11 blockchains.”

However, MetaMask has decided not to go this incident unchecked. The team later confirmed its security boys were researching the source of the exploit and were “working with others across the Web3 wallet space.”

No one has yet pinpointed the exact source and cause of this incident. Like Monahan, many believe this is some sort of private key or seed phrase leak.