• About
  • Coincu
  • Hot topics
  • Random
  • Exchange
Monday, May 23, 2022
CoinCu News
No Result
View All Result
  • Login
  • Home
  • News
    • Bitcoin
    • Altcoins
    • Blockchain
  • Market
    • Analysis
  • Knowledge
    • Crypto 101
    • Defi
    • GameFi
    • NFTs
    • Metaverse
    • Web 3
  • Crypto Recap
  • Video
  • IDO Events
    • Airdrop
  • Scam Alert
  • Live Prices
  • PR
    • Press Releases
    • Sponsored Articles
    • Advertise
  • Home
  • News
    • Bitcoin
    • Altcoins
    • Blockchain
  • Market
    • Analysis
  • Knowledge
    • Crypto 101
    • Defi
    • GameFi
    • NFTs
    • Metaverse
    • Web 3
  • Crypto Recap
  • Video
  • IDO Events
    • Airdrop
  • Scam Alert
  • Live Prices
  • PR
    • Press Releases
    • Sponsored Articles
    • Advertise
No Result
View All Result
CoinCu News
No Result
View All Result
Home Market

MetaMask knows there is a serious vulnerability, but after a month it still hasn’t patched it

January 22, 2022
in Market
488
114
SHARES
3.8k
VIEWS
Share on Facebook

Brazilian Crypto Trader Committed a $6.7 Billion $SHIB Error, Binance Must Fix

Etherscan, CoinGecko suffer from phishing attack – Users need to be careful

According to Alexandru Lupascu, MetaMask users who access the application via a mobile device run the risk of having their IP address exposed.

MetaMask

MetaMask mobile application does not guarantee user privacy

A cryptographer has warned MetaMask users that privacy risks could exist.

Alexandru Lupascu, co-founder of the data protection node service OMNIA Protocol, has found a critical vulnerability in ConsenSys’s popular Web3 wallet. This vulnerability allows the hacker to access the user’s IP address, creating a privacy risk. An IP address is a globally unique identifier assigned to a device that connects to the internet. When users store cryptocurrencies in the MetaMask wallet, vulnerabilities in IP addresses are a big problem.

Lupascu was upload A blog post explains that the vulnerability can be exploited by minting a collection of NFTs and airdropping them to a MetaMask-connected Ethereum address used on a mobile phone.

NFTs are digital assets that represent ownership of content such as art, music, and digital memes. They provide a way to tokenize content, but typically don’t store the actual content. Because storing image data on a blockchain like Ethereum can be expensive, NFTs contain Uniform Resource Locators (URLs) pointing to the data. Content for NFTs is typically hosted on a decentralized storage network such as IPFS or on remote centralized cloud servers.

By default, the MetaMask mobile app displays NFTs stored in an address using the URL to image data function command. This data is stored on remote servers. The process is done without the user’s consent to show what NFTs are in their Ethereum wallet.

During this retrieval, all server ports that handle the image data transmission receive the user’s IP information. In general, projects that operate servers for image data ensure the security of the data.

During his investigation, Lupascu identified malicious entities that could find MetaMask users’ IP data and exploit the information to launch targeted attacks. In his blog post, Lupascu explains:

“If a malicious person knows your blockchain address, they can generate an NFT with a URL pointing to their own server and transfer ownership of the NFT to your address. Therefore, when your crypto wallet retrieves the remote image from the server, it invades your privacy.”

Lupascu tested the vulnerability by creating an NFT on OpenSea based on the ERC-1155 standard. He then used a smart contract editor to change the original URL associated with the NFT to point to a new server under his control. Lupascu sent the NFT to an Ethereum address. When he accessed the address via the MetaMask mobile app, his IP address appeared on a server he controlled. Lupascu said it cost about $50 to carry out the attack.

Lupascu reported this issue to the MetaMask team in mid-December 2021, which means Web3 wallets have been aware of it for at least a month. The MetaMask team promises to release a patch by Q2 2022 – a timeframe that Lupascu says is “unacceptable” given the severity of the problem.

MetaMask founder Daniel Finlay admitted in an answer above tweets Lupascu said that “the problem has been known for a long time”.

“Alex is right to complain to us for not solving the problem sooner. Now start patching. Thank you for the criticism and we need it.”

Finlay too offer Wallet can “only load IPFS type mappings by default”. In addition, MetaMask users must explicitly consent to the retrieval of NFT data hosted on third-party servers.

Meanwhile, Lupascu believes that Ethereum users should be careful when receiving NFT airdrops and only access them through OpenSea.

“Until this issue is resolved in the mobile app, use the OpenSea platform with any Web3 compatible wallet to access your collection. A reminder to everyone that off-chain privacy is really important – don’t ignore it.”

Over the past few months, NFT collectors have lost millions of dollars in digital assets to attacks, hacks, and fraud. Many of the affected users have been storing valuable Bored Ape Yacht Club NFTs and other popular collectibles in MetaMask wallets and have been targeted and scammed. Because MetaMask is a hot wallet, it’s relatively easy for thieves to withdraw funds once they have the user’s private key. Because hot wallet private keys can be compromised through phishing and malware attacks, they are considered less secure than cold storage options like hardware wallets, which require access to the physical device to access the funds.

MetaMask is the most popular Web3 wallet for accessing Ethereum and other EVM-compatible blockchain networks. According to the data, as of November 2021, the wallet has more than 21 million monthly active users Notice Press by ConsenSys.

Join CoinCu Telegram to keep track of news: https://t.me/coincunews

Follow CoinCu Youtube Channel | Follow CoinCu Facebook page

MetaMask Unveils NFT Expansion: Report

Airdrop hunters flock to MetaMask Swap and Polygon

A white hat hacker just helped SushiSwap fix a vulnerability that could result in a loss of $ 350 million

Tags: hasntMetaMaskmonthpatchedvulnerability
Previous Post

Strategist Update Outlook for Bitcoin Post Recession

Next Post

Binance Withheld Information from Regulators

Other Posts

crypto scam
Market

“Crypto Is 95% Scams And Garbage,” Dogecoin Co-Founder Stated

May 23, 2022
crypto market
Market

Crypto Market Highlight May 22, 2022

May 22, 2022
CZ Bats for Cryptocurrencies To Increase Financial Inclusion
Market

CZ Bats for Cryptocurrencies To Increase Financial Inclusion

May 22, 2022
Manchester City Will Commemorate Memorable Events With NFT Collectibles | 22 May 2022 | Crypto News
Market

Manchester City Will Commemorate Memorable Events With NFT Collectibles | 22 May 2022 | Crypto News

May 22, 2022
Top Stablecoins Lose $7 Billion In May As Traders Redeem Tokens In Bulk
Market

Top Stablecoins Lose $7 Billion In May As Traders Redeem Tokens In Bulk

May 22, 2022
Bill Gates Does Not Own Any Cryptocurrency | Latest News 21 May 2022 | Crypto New
Market

Bill Gates Does Not Own Any Cryptocurrency | Latest News 21 May 2022 | Crypto New

May 21, 2022
Next Post
Binance Withheld Information from Regulators

Binance Withheld Information from Regulators

Contents

  • MetaMask mobile application does not guarantee user privacy
  • Fall of Terra – The Exact Timeline of UST attack – Deep Dive

    Fall of Terra – The Exact Timeline of UST attack – Deep Dive

    106 shares
    Share 42 Tweet 27
  • Vitalik Buterin Claims He Is No Longer A Billionaire

    106 shares
    Share 42 Tweet 27
  • Mike Novogratz’s LUNA Tattoo Will Serve As A Constant Reminder That Investing “Requires Humility”

    106 shares
    Share 42 Tweet 27
  • Charles Hoskinson explains why Djed’s USD peg is more powerful than UST’s

    108 shares
    Share 43 Tweet 27
  • Dogecoin Is More Valuable Than The Russian Ruble

    98 shares
    Share 39 Tweet 25
Pharrell Williams: Web3 Is ‘Scaring the System’

Pharrell Williams: Web3 Is ‘Scaring the System’

May 23, 2022
goldman sachs

Goldman Sachs CEO Continues “To Be A Real Bull On The Digital Disruption Of The Financial Infrastructure”

May 23, 2022
terra-luna-1

Terra Has A ‘Kill Switch’? CEO Do Kwon Revealed It In An Interview From 2021

May 23, 2022
Bitcoin causes anxiety when it sets a record of 8 red weekly candles and is predicted that the price can still continue to fall

Bitcoin causes anxiety when it sets a record of 8 red weekly candles and is predicted that the price can still continue to fall

May 23, 2022
Why does Euro Central Bank not like crypto?

Why does Euro Central Bank not like crypto?

May 23, 2022
Netflix’s “LOVE, DEATH + ROBOTS” launches NFT collection

Netflix’s “LOVE, DEATH + ROBOTS” launches NFT collection

May 23, 2022
Metaverse app BUD successfully raised Series B round with NFTs launch plan

Metaverse app BUD successfully raised Series B round with NFTs launch plan

May 23, 2022
crypto scam

“Crypto Is 95% Scams And Garbage,” Dogecoin Co-Founder Stated

May 23, 2022
Forj was renamed from Bondly Finance – a subsidiary of Animoca Brands Corporation Ltd, to focus on Web 3 and NFT

Forj was renamed from Bondly Finance – a subsidiary of Animoca Brands Corporation Ltd, to focus on Web 3 and NFT

May 23, 2022
fUSD de-peg and its implications for the Fantom ecosystem

fUSD de-peg and its implications for the Fantom ecosystem

May 23, 2022

  • bitcoinBitcoin(BTC)$30,440.003.25%
  • ethereumEthereum(ETH)$2,066.314.47%
  • tetherTether(USDT)$1.00-0.10%
  • cardanoCardano(ADA)$0.552.91%
  • SolanaSolana(SOL)$53.596.49%
  • dogecoinDogecoin(DOGE)$0.0879802.89%
  • tronTRON(TRX)$0.0780774.21%
  • FTX TokenFTX Token(FTT)$30.832.32%
  • cosmosCosmos Hub(ATOM)$11.916.63%
  • Axie InfinityAxie Infinity(AXS)$23.009.34%
  • TerraTerra(LUNA)$0.00019316.10%
  • FantomFantom(FTM)$0.49446010.90%
  • LINKLINK(LN)$54.5110.26%
  • Live Prices
  • Binance
  • NFT
  • Solana
  • Metaverse
  • Polygon
  • Polkadot
  • Coinbase
  • Trending
  • Top Coin
  • Vi
  • DFH

© 2021 COINCU Financial Group Inc. Address: Road Town, Tortola, British Virgin Islands. Email us: [email protected]

No Result
View All Result
  • Coincu
  • News
    • Bitcoin
    • Altcoins
    • Blockchain
    • Metaverse News
    • NFTs News
  • Market
    • Analysis
  • Knowledge
    • Crypto 101
    • DeFi
    • GameFi
    • NFT
    • Web 3
  • Crypto Recap
  • Video
  • IDO Events
    • Airdrop
  • Scam Alert
  • Live Prices
  • PR
    • Press Releases
    • Advertise

© 2021 COINCU Financial Group Inc. Address: Road Town, Tortola, British Virgin Islands. Email us: [email protected]

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In
  • bitcoinBitcoin(BTC)$30,440.003.25%
  • ethereumEthereum(ETH)$2,066.314.47%
  • tetherTether(USDT)$1.00-0.10%
  • cardanoCardano(ADA)$0.552.91%
  • SolanaSolana(SOL)$53.596.49%
  • dogecoinDogecoin(DOGE)$0.0879802.89%
  • tronTRON(TRX)$0.0780774.21%
  • FTX TokenFTX Token(FTT)$30.832.32%
  • cosmosCosmos Hub(ATOM)$11.916.63%
  • Axie InfinityAxie Infinity(AXS)$23.009.34%
  • TerraTerra(LUNA)$0.00019316.10%
  • FantomFantom(FTM)$0.49446010.90%
  • LINKLINK(LN)$54.5110.26%