The MetaMask hack has resulted in losses of over $10 million in crypto for major investors, though the exact nature of the attack remains unknown.
In December 2022, an unidentified hacker targeted and stole over 5,000 ETH from the MetaMask cryptocurrency wallet, resulting in significant losses of more than $10.5 million for the victims. The wallet’s creator, using the alias @tayvano_, made this announcement on Twitter. It’s unclear how the hacker was able to take such a sizable amount of money from experienced investors, but @tayvano_ claims that the attacker targets crypto market veterans and can recognize MetaMask users by analyzing their onchain transaction behavior. It’s unknown whether the hacker acted alone, but since the December 2022 attack, the hacker has successfully attacked eleven blockchain networks.
One hypothesis suggested by @tayvano_ is that the hacker obtained a significant amount of data from victims’ PCs. The selection process of the victims, the execution of the plan on multiple targets, and the details of the hack itself remain unclear. At the time of writing, MetaMask has not released any official statements regarding the incident, and the identities of the affected parties are unknown.
After stealing from a victim’s wallet, the hacker changes altcoins into Ether (ETH) to exchange them for Bitcoin (BTC) and sell them on controlled trading platforms. @tayvano_ suggests that large MetaMask users spread out their investment portfolios over multiple wallets to reduce the chances of losing money.
In mid-April, parent company ConsenSys reported a significant breach of MetaMask user data, wherein unidentified persons obtained unauthorized access to the data of the wallet’s third-party customer service provider between August 2021 and February 2023. According to ConsenSys’ estimation, the data leak impacted at least 7,000 crypto users worldwide, but only three MetaMask customers have reported financial losses so far.