MetaMask developers distinguish five main ways to hack users’ wallets:
— The computer was compromised, and the user stored private information on it;
— The user visited a phishing site;
— The user has transferred the private key to a third party or site;
— The user has provided a decentralized application or smart contract with unlimited access to their assets;
— The user installed a fake MetaMask extension;
— Installing uncertified software on your computer or extensions in your Browser.
Secure your device.
Safe storage of cryptocurrencies starts with a reliable system. You can’t be sure that your digital assets are safe if you use a compromised device to store them. There is a tremendous amount of coverage on the topic of system security, as there is a constant battle between security professionals and hackers. The latter are finding new loopholes, and the former are trying to stop them.
Install MetaMask.
Often, users lose cryptocurrency by installing fake extensions. By launching a fake extension, they knowingly pass all the entered information, in particular seed phrases, to attackers. In addition, someone else will control the transfer address offered by the extension. That’s why it is important to install MetaMask only using the links from the developer’s official site.
Store seed phrase. Seed phrase is used by default by most cryptocurrency wallets. You will need it to regain access to your wallet, for example, if you decide to reinstall MetaMask or transfer your wallet to another computer. Equally, the seed phrase will allow a rank outsider to gain access to the wallet, if somehow it gets to them.
MetaMask displays a 12-word seed phrase at the moment the wallet is created. Developers do not store your data on their servers, so the seed phrase is the only key to regain access. The seed phrase should be written down on paper and stored in a safe place. If you copy it to the clipboard, the information will remain there, which means that additional attack vectors will be opened. The same applies to the situation of storing the seed phrase in a file on a computer connected to the Internet.
If the wallet is already in use, and you do not have the seed phrase, you can always display it again. To do this, click on the button to access the extension settings at the top right of the MetaMask interface and select «Settings». In the window that appears, go to the «Security & Privacy» tab and click «Reveal Seed Phrase». You will be prompted to enter your password.
Revoke permissions from decentralized applications. When you interact with a decentralized application for the first time, whether it is Uniswap or some other service, you will be asked to provide permission to perform operations with the MetaMask wallet. Such permits are issued on an ongoing basis. In many cases, permissions are limited to viewing your accounts, but this is not always the case.
There have already been cases where cryptocurrency has been stolen from users because of the permissions granted to interact with the assets. As such, permissions are not a vulnerability and are necessary to work with applications. Nevertheless, there are projects in the decentralized finance space that pose a threat to users due to malicious intentions of developers or unverified code.
To revoke account permissions, click the three dots next to the wallet address and select «Connected Sites». Here you’ll see a list of all the apps you currently give such permissions to, and you can remove the ones you don’t need.
This way you can quickly prohibit apps from viewing addresses. To revoke permissions, you’ll need to take additional steps.
View and remove all permissions via bscscan.com or etherscan.com.
Let’s look at an example on bscscan and etherscan.
Go to the site and right click on More, a submenu opens and click on Token Approvals.
The
Then opens a window.
1. Enter the address of our wallet
2. Press search
3. See all the permissions, to remove them at once press Connect to web3 and select MetaMask. And disable the unnecessary or suspicious.
Scam coins.
When you get scam coins, all you can do is not touch them at all. If you try to flip them or sell them or do something with them, you lose your account, so let them lie around, they won’t interfere.
Most of them are sent on BNB Chain due to small commission.
They look like this. Look at the screenshot below.
Thus, looking through the blockchain, you can see them and think that you have received $13000 in BUSD. But as soon as you add them to your wallet so that they are displayed and try to withdraw or exchange, then you risk losing your funds. They can be called absolutely differently. Just ignore them.
Switching to a new wallet
If you suspect that a wallet may have been compromised, you should immediately move your assets to a new one. Sometimes situations arise when hackers steal cryptocurrency right in front of the user. In this case, there is still a chance to save at least some of the assets. Creating a new address in MetaMask will not be enough for that, because they are all generated from one seed phrase. You will have to generate a new seed phrase taking into account all the security recommendations and create wallets from it.
To do this, create a new profile in Chrome and install MetaMask in it. Go through all the steps of creating a new wallet, including writing the seed phrase, and transfer cryptocurrency to the new address. Note that you need to transfer tokens first and only then ether (ETH), as it will be needed to pay transaction processing fees. Subsequently, you will be able to make these assets available in your main Chrome profile using the wallet import feature. To do this, you will need a 12-word seed phrase. Similarly, you will be able to run one wallet on multiple computers.
Hardware Wallet
If you store substantial amounts of cryptocurrency, it makes sense to consider purchasing a hardware wallet. This is a device that is shaped like a regular USB drive, in which cryptocurrency is stored without a permanent connection to the Internet, which means it is much better protected than when it is stored on a home computer.
A lot of decentralized applications allow you to connect via hardware wallet directly. In addition, you can connect a hardware wallet to MetaMask and interact with decentralized applications through it. This option will also be much more secure, than the normal use of MetaMask on your computer.
MetaMask works with hardware wallets from two of the most well-known manufacturers: Ledger and Trezor. We recommend buying hardware wallets only from official manufacturers, as third-party vendors can modify the device to allow them to control your cryptocurrency.
Hardware wallets have a display that shows transaction details. Make sure the transaction details on the display are correct, including the recipient’s address, before finally approving the transaction. With a hardware wallet, attackers can still tamper with the address on your computer to force you to send the cryptocurrency to the wrong place.
Coinmarketcap
CoinGecko
DEXTools