MetaMask announced over 7,000 users are at risk due to a recent hack. ConsenSys, the parent company of the widely-used crypto wallet, broke the news in an April 14 blog post. What do we know about the MetaMask hack?
What Do We Know About the MetaMask Hack?
ConsenSys revealed that the private information of people who had filed support tickets between August 1, 2021 and February 10, 2023 might have been leaked. Apparently, hackers gained unauthorized access to a third party computer system. The system was used to process customer service issues. Therefore, this breach could allow bad actors to view the support tickets users submitted.
So, what information could have leaked? Firstly, the tickets included a blank field that some users might have filled with personal information. The blog posted states that ConsenSys did not prompt users to populate the field. Still, some people might have done so anyway. Some information that people might have added includes “economic or financial information, name, surname, date of birth, phone number, and postal address.”
In total, MetaMask estimates up to 7,000 users may be affected. As a response, ConsenSys and hardware wallet providers are warning customers to be on the lookout for an increase in phishing scams. Attackers may use the leaked data as a source for potential victims.
Did ConsenSys Fix the Problem?
ConsenSys has reportedly eliminated the unauthorized leak. As such, tickets submitted after February 10, 2023 should be safe. Since then, the Web3 company has alerted law enforcement agencies to the hack and is conducting a more detailed investigation into the issue.
It’s not the first time MetaMask has experienced security issues, unfortunately. Previously, the Web3 community criticized MetaMask for logging users’ IP addresses. This could have led to hackers pinpointing geographical locations for crypto holders. Therefore, this is a huge risk for anyone who self-custodies a large amount of digital assets.
Fortunately, it seems like this hack has been relatively minor. It does serve as a helpful reminder to allows follow good security measures when handling crypto assets, however.