Security Analyst Alexandru Lupascu Warns MetaMask Developers About a Critical Vulnerability

MetaMask is a Web3 cryptocurrency wallet project that is the best source of gaining access to the Ethereum blockchain and EVM-compatible blockchain networks. However, recently a cybersecurity analyst pointed out that there is a major threat facing the users of the wallet. Alexandru Lupascu is a cryptographer and security analyst who recently posted a detailed blog post about his findings.

He was testing the MetaMask wallet last year and reported one big loophole that the hackers can exploit. Lupascu claimed that the users stand to compromise their IP addresses if the vulnerability is not fixed soon. He also pointed out that he first reported the issue to the MetaMask team in December last year, but the issue is still not fixed.

Lupascu explained in his blog post that hackers could mint an NFT with the help of an URL function taking advantage of the remote servers. In this manner, the threat actors will have the option to make the NFT reserves from a user wallet address visible to them without the consent of the owners. Recently, NFT users have lost millions of dollars to hacks, scams, and data compromising techniques.

Lupascu also experimented with demonstrating this security lag practically. He minted an NFT on OpenSea that uses the ERC-1155 protocol. With the help of a smart contracts editor, he rerouted the URL connected to the original NFT mint address to a new controlled remote server. Lupascu then sent the NFT to a different Ethereum address, and when he checked the address on his MetaMask mobile application, his IP address was visible. He also pointed out that hackers only need a $50 budget to conduct the hack attack.

MetaMask founder Daniel Finlay recently addressed the IP address vulnerability issue raised by the cryptographer from OMNIA Protocol. He also admitted that the issue was reported in advance, and the development team of MetaMask needs to address the issue ASAP. Lupascu has warned the Ethereum users to be mindful about accessing any NFTs that they receive as an airdrop.

Cybersecurity experts agree that the best and most secure way for investors to safeguard their crypto investments is to store them in a cold storage wallet. MetaMask wallet has also suffered from phishing attacks compromising reserves worth millions of dollars. The hackers can also access the private key of the Web3 wallet with spamming and gain complete control victim’s crypto collection.

Related Posts


Leave a Reply

Your email address will not be published.