Ethereum wallet MetaMask adds a layer of protection to help users avoid attacks that drain wallets, following a rash of social media NFT scams.
Most cryptocurrency wallet users would agree that each use of a wallet involves a certain level of trust. That’s because granting specific permissions upon sign-up could lay the wallet bare to “wallet drainer” attacks. Many users have lost millions of dollars’ worth of tokens and NFTs to this scam, especially when they allow social media tie-ins.
Following a flurry of social media NFT scams, Ethereum wallet MetaMask has added an extra step that serves as another layer of protection to help users avoid wallet drainer attacks.
MetaMask Version 10.18.0
Users of social media platforms like Twitter and Discord are the usual victims of the booming scams in the NFT space. These users are duped into connecting their crypto wallets to malicious smart contracts, eventually leading to their NFTs and tokens being stolen.
Top Ethereum wallet MetaMask’s recent update makes users better aware of what they are signing when the “setApprovalForAll” permission is requested. This week’s 10.18.0 update to MetaMask’s user interface (UI) changes how the software presents that permission request.
In the previous version, granting the permission allowed the smart contract to access and transfer all NFTs and tokens from a wallet. Incidentally, a smart contract is the code that powers NFTs and other decentralized apps.
Following the update, MetaMask clarifies that a smart contract is requesting broad permissions, including access to funds held inside a wallet, that could potentially drain the wallet. Security firm Wallet Guard took note of this in a recent Twitter post.
The tweet includes screenshots showing the new prompt in a font much larger than the other text on the UI. The sample text reads, “Give permission to access all of your BAYC?” and an additional warning reads, “By granting permission, you are allowing the following account to access your funds.”
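The following is an added example, not MetaMask's code and not part of the original article: it shows how a wallet or monitoring tool can recognize a “setApprovalForAll” request in raw transaction data before the user signs. The function names, the result labels, the prompt wording beyond the quoted BAYC line, and the sample operator address are assumptions constructed for illustration.

```javascript
// Added example: inspect raw transaction calldata for the blanket NFT approval
// call, as a wallet or monitoring tool must before it can warn about it.
// 4-byte selector = first 4 bytes of keccak256("setApprovalForAll(address,bool)")
const SET_APPROVAL_FOR_ALL = "a22cb465";

function classifyCalldata(data) {
  const hex = String(data).toLowerCase().replace(/^0x/, "");
  if (hex.length < 8 || !/^[0-9a-f]+$/.test(hex)) return { kind: "unknown" };
  if (hex.slice(0, 8) !== SET_APPROVAL_FOR_ALL) return { kind: "other" };

  // ABI layout after the selector: two 32-byte words (operator, approved).
  const args = hex.slice(8);
  if (args.length < 128) return { kind: "malformed" };

  // The address is the low 20 bytes of the first word.
  const operator = "0x" + args.slice(24, 64);
  // Err towards warning: treat any non-zero second word as "approved = true".
  const approved = /[1-9a-f]/.test(args.slice(64, 128));
  return { kind: approved ? "grant-all" : "revoke-all", operator };
}

// Hypothetical prompt builder; "collection" is the name of the NFT contract
// the transaction is addressed to.
function promptFor(data, collection) {
  const r = classifyCalldata(data);
  if (r.kind === "grant-all") {
    return `Give permission to access all of your ${collection}? ` +
           `Operator ${r.operator} could then move every token in it.`;
  }
  if (r.kind === "revoke-all") return `Revoke ${r.operator}'s access to your ${collection}.`;
  if (r.kind === "malformed") return "Approval call with truncated arguments: reject.";
  return null; // not a setApprovalForAll call; no blanket-approval warning
}

// Constructed sample: placeholder operator address 0x1111...1111, approved = true.
const SAMPLE_GRANT =
  "0xa22cb465" + "0".repeat(24) + "11".repeat(20) + "0".repeat(63) + "1";
console.log(promptFor(SAMPLE_GRANT, "BAYC"));
```

The same call with the second argument set to false revokes the operator, which is how an approval granted by mistake is withdrawn.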
Why MetaMask Implemented the Update
Alex Donesky, MetaMask’s software engineer, explained the need to implement the 10.18.0 update. He said, “There is some urgency to get something out there since this method is so commonly used.” He added that the “timeline is compressed” and acknowledged that he would have approached the update much differently if there had been more time to develop it.
As already mentioned, the update comes on the heels of a rapid series of NFT scams carried out through hacked social media accounts. For instance, in the spring, hackers hijacked verified Twitter accounts and used them to share links that were purportedly from blue-chip NFT projects like Otherside and Azuki. As a result, the NFTs and tokens of unsuspecting users who linked their wallets to the smart contracts were stolen.
The recent MetaMask update isn’t an attempt to make a judgment call about the contracts users try to connect to, nor does it specifically call out identified scams. What’s more, for some dapps the “setApprovalForAll” function is potentially legitimate. Thus, you can see where user decisions could get confusing.
Nevertheless, the MetaMask update could curtail the impact of NFT scams. This added layer of protection could give some NFT collectors pause and a chance to reconsider before they approve transactions out of fear of missing out and the hysteria projected around NFTs.
It remains to be seen whether MetaMask will further improve this in future updates. It’s also worth watching whether competing wallets will follow suit and adopt the change. After all, NFT scams are not limited to MetaMask users or the Ethereum blockchain.