MetaMask Security - 9 Attacks and How to Stop Them
- Added 20. 07. 2024
- What are the ways your MetaMask will be attacked? In this video, I do a deep dive into the security and safety of your self-custodial wallet. Bulletproof your MetaMask by understanding where you are vulnerable.
Helpful Links Mentioned in the Video
Official MetaMask website: metamask.io/
Connect your hardware wallet CORRECTLY: (Video Coming Soon)
Verify that your hardware wallet setup is correct: (Video Coming Soon)
DeBank: debank.com/ (connect your wallet to use Approvals section)
DexScreener: dexscreener.com/polygon
RugDoc: rugdoc.io/
RektNews: rekt.news/
0:00 The 3 Categories and 9 Attacks
1:16 Private Key Vulnerabilities
2:05 Private Key vs Secret Recovery Phrase
2:35 Attack #1 Private Key Phishing
3:00 Phishing Websites
3:22 Defense #1
4:48 Attack #2 Unsecure Phrase Storage
5:04 Defense #2
6:00 Attack #3 Stolen Encrypted Private Key
7:04 Defense #3
9:20 Attack #4 Supply Chain Attack
9:40 Defense #4
10:13 Attack #5 Clipboard Hijacking
10:50 Defense #5
11:24 Attack #6 Malware in General
11:35 Defense #6
12:23 Attack #7 Infinite Approvals
14:40 Defense #7
15:55 Attack #8 Smart Contract Hacks
16:22 Defense #8
18:57 A non-attack (Disconnecting MetaMask Does Nothing)
19:39 Attack #9 Scam Tokens
20:06 Defense #9
*This video should not be taken as investment advice. I love sharing what I learn, but I'm human and have made plenty of mistakes so please do your own research. Crypto and DeFi change so quickly that this info might not be accurate by the time you watch it. Thanks for watching!
#DeFiSafety #Crypto - Science and technology
I love how you broke down the difference between the private key, seed recovery phrase, and encryption for the private key file where the "password" for logging into your metamask is what decrypts your private key file. Very helpful information, thanks. Subbed.
Supply Chain attack is the most underrated attack. That's why I use the AirGap Vault. With it I can turn a spare smartphone into a hardware wallet. So I can be 100% independent. It's open source and free to use
How on earth does this channel only have 990 subscribers? I only recently found it and the way you explain complicated topics is nothing short of amazing! Thank you and keep up the good work! (PS: my gf hates you, because I've been staring at your videos all day)
I was searching for this type of video! Great work, no BS. Unfortunately there are many videos covering this topic. Again great job!
Great Jeremy. Perfect video for a person who almost thinks they know what they're doing, like me. Really great advice! Thanks
Hey Jeremy! Great video. I was shocked to see you have less than 1K subscribers! I guess we are all early! The quality of the videos are of that with someone with 100K+. Keep up the great content! Glad to be under 1000 club!
Probably the best video out there for security. So informative
Amazing video. Clear and educational. Subscribed cheers!
I had $20 in my MetaMask wallet for about 2 months, then I sent more crypto from my Binance account, making a total of 101 USD of ETH in the MetaMask wallet, and after 3 minutes my wallet got wiped out; it sent all the USD to a different address after receiving from Binance.
Yes, great video with a lot of easy to follow information. I shared it with someone who is in a position to share it with many groups. Thanks so much.
Thank you Jeremy. Much appreciated.
The content is very intense and useful. Thanks for sharing it.
Thank you so much for this! Rlly underrated man!
Very good video, totally worth subscribing to. Well done :)
Best video on this topic yet, thank you!!
Really informative video. Well done. Learnt a few new things.
It's a really perfect video; you explained it in full detail. Awesome. 👏👏👏
Thanks! Loads of good info mate! Staking and smart contracts have more risks I had no idea about so I'll be staying away until I understand it more...
Thanks! Ya, definitely good to do the research first. If you want a good place to start uniswap (for eth and polygon) and pancakeswap for bsc are the standards (though I trust uni more than pancake). So they are good places to get your feet wet.
I think it would have been worth talking about multisigs like Gnosis Safe, and also about the recent introduction of QR code confirmation in MetaMask, which makes it very easy to have a cold wallet on an old phone for example (with AirGap Vault). I learned some things as well, thank you for the video!
Honestly I need to learn more about gnosis. And ya, the qr code function seems pretty cool. I've been reading about the keystone hardware wallet that connects with qr code and tries to prevent blind signing.
Well done with making this video, brother! You have a new subscription
Thanks for the MM lessons - subbed!
This is a great vid!! Thanks!
Great vid - subbed!
Thanks for the video man. You gained a sub, keep it up! 😁
Thank you! Actively working on two more videos right now. Even if the topics of the next two don't interest you I have lots of educational content planned out that I feel will bring value to subscribers. Thanks for the trust!
great video Bro, thanks!
Awesome video, really thorough. I recently had an unknown token sent to my wallet and I didn't understand why/who would send that. Now I know, it's #9 :) Thank you
Proud of you for watching all the way to number 9 😂 and thank you!
Great video!
Good vid man
Great video that we share with our delegators and email subscribers
Good stuff! Thanks.
I recommend the above 👆👆name on my handle, he's incredible in metamask recovery
I’m just beginning my crypto journey and naturally have been overwhelmed studying, particularly about wallets and safety etc. Thank you Jeremy for taking the time to help simplify the process. I’m an engineer by trade so not some numb nuts but it’s still a very daunting task when we’re speaking about 1000’s and 1000’s of dollars. I appreciate your knowledge, dedication and most importantly your time. I believe I’ve watched every upload you’ve done so far. All the best good Sir.
gods, thank you so much. number 7 is so common. i keep telling my mates to not do it and they keep forgetting.
Very clear and informative. Great video. One thing to emphasize even more is that Metamask will ask you for your recovery phrase on a new machine. I know you mentioned this, but right after you say that Metamask will never ask for your phrase, which is a bit misleading.
Thank you for the clarification! It's hard to differentiate between the fact that MetaMask support will never ask you for it, but that you need it if you want to restore your account on a new machine. Good point!
@jeremydefidance4968 Exactly! Putting it in terms of support is great.
Well Done!!
Great video... subbed
thanks for sharing this
Great video so subscribed, just one question, should you disconnect hardware wallet from Metamask after completing your transactions?
Good question. There is no need, as MetaMask becomes purely a front-end user interface. There would be no way for MetaMask to do anything malicious because a hardware wallet is an offline signer. The only thing that connecting to MetaMask does is tell MetaMask your address (it's public so no worries) and lets MetaMask send suggested transactions to the hardware wallet (which the hardware wallet recreates once approved by confirming on the device) so once again no worries.
Please go back to uploading videos! Your knowledge is so valuable and important!
Thanks
Excellent video! Thanks for educating us. Curious if you've participated in Algorand's growing DeFi protocols (AlgoFi, Tinyman, etc.). They have an "Opt-in" request for their smart contracts but I never noticed an 'unlimited token spend' option like MetaMask.
Interesting! I'm not on the algorand network yet, but this makes me want to go check it out.
thanks
One of the most useful videos I have seen about crypto
Thank you!
Good videos
Perfect
GREAT TIPS 🏆🏆🏆 Wallet completely compromised, all tokens gone, but they left NFTs; they obviously could take them if they want to but didn’t leave enough ETH 😳
If I wanted to set up a new Account, … would a different account within the same MM wallet come with NEW private keys? I believe I had two accounts under one MetaMask and it would be the SAME Private key to access both accounts.
My guess for the safest route would be that I would NOT create a new account within prior wallet accessed with same private key but instead create a completely new account AND wallet and then I would get new private 🔑 altogether, deposit ETH and send NFTs to NEW wallet containing new account???
I just need to get the NFTs out before they come back.
Good news is they would need to deposit in the old account w NFTs to get the NFTs out 😆😆😆
Curious ur take thanks again 🙏🙏🙏
How do I revoke a specific address from my wallet? There are no permissions or connections or anything shown in my metamask. But this one specific address keeps taking my crypto. But I don't know any other way of specifically blocking their address.
Man in the middle attacks? Is this a thing? Should we keep on verifying the smart contract addresses we're approving? Thanks
Brilliant
Thank you! I'm hoping I can use this channel to help people actually learn about DeFi and how to use it safely and effectively
When will the video about verifying that your hardware wallet setup is correct be uploaded? Really need that one
The script is written, but I won't be able to film until next week. Here is the gist of it though: you want to make sure that your metamask secret phrase and ledger (or whatever wallet you use) secret phrase are different. If they are the same that means you imported metamask to hardware wallet and that means your hardware wallet is still a hot wallet. Ledger has a tool called recovery app where you can verify (but it doesn't store it so you can only enter it until you get it right), and metamask has the secret recovery phrase stored in MetaMask so you can check that one too. If that's not clear, I'll make the video much easier to follow haha
2:25 I imagine how pissed is the wallet owner now with the exact private key
I have a scam coin in my wallet on ETH, 846 days ago phishing attack. I collect XEN and it's taken right away. Revoked all approvals in account, it still happens only on ETH; my other chain assets are not affected. How to stop this? My account on Pulse is staked, can't move my wallet
Any new video
20:11 ... Maybe show the steps visually, along the way!
Like where to click to do X
I was hacked and don't recall using a seed phrase to log into my MM wallet. It seems like the hacker has had access to my wallet because I had many tabs open, I fell for one MM hack (fake pop-up: "transaction failed, click here to view")... I disconnected my MM from all the connected sites within the MM Chrome extension, updated my computer, and changed my MM login password (if that helps). I have not added more value yet... How safe is my wallet in this situation? (All my ETH was drained, $350.)
Your wallet is not safe in this situation. Luckily setting up a new one is easy. You'll just need to set up a new metamask by using a new browser profile. You'll know you've done it correctly if you get a new seed phrase to record. Then send your old assets over to the new wallet. Normally this is expensive because of gas prices but gas is really really low right now on eth.
need to connect my Ledger Nano X to already existing Metamask accounts -- can you help please?? Do you have a video??
EXCELLENT INFO!!! WHAT IS SAFEST WAY TO MOVE MY METAMASK FROM CURRENT LAPTOP TO A NEW AND SECURE ONE? Should I be worried about typing in my recovery phrase? Can this process be done offline for safety?? 🙏
Thanks! Unfortunately you can't recover a hot wallet (your current metamask wallet) without typing it into a computer. But since you are trusting your computer with your seed anyway there shouldn't be any additional trust required just to type it into your computer. If you want to protect against malware on your computer you'll need to transfer all your funds to an account generated by a hardware wallet.
Jeremy wouldn’t blue tooth take care of this ?
I'm on BSC network. All my BNB got stolen; I still have some assets left. When I send a small amount of BNB to my compromised wallet it gets sent to another wallet just seconds after. So in other words I can't send away my assets because the bot/program keeps sending my BNB away in an instant, so I can't do transactions. Any idea/solution/tips?
Revoke all the smart contracts in your wallet, as he mentioned in the video.
@ronaldlee5509 Hey, thanks for trying to help me. I was able to get my money back a while ago. I was lucky since the bot only took away amounts over around 25 cents. So I was able to send 20 cents to my wallet (in BNB) without it getting sent away, and I was able to just get out my money easily with the 20 cents of BNB for the transaction.
Nice solution! That's cool you noticed the pattern and snuck it out. Phew!
Your computer does not keep a keyboard history! Like you expressed in video. Keylogger will only capture future strokes. Clipboard records sometimes
Question, once I try to swap BNB to a WBNB Crypto on METAMASK there’s a screen that says send to and that account does not match any of my 2 accounts on METAMASK.. can you help ???… I can also email images
I advise you to file a report to zellhack1 to help you fix this.
Do you suggest using a VPN?
So having a VPN is not important at all when it comes to protecting your crypto?
I got scammed by the last one; they scammed me by getting a Polygon airdrop. It's a huge experience for me. Please don't fall for this; you should be careful if it's too good to be true
If you are sent scam tokens that you seriously do not want in your possession, is there a real burn address for unwanted tokens on any network? Seems unlikely because the unique chain is specific to that unique network. For example, MATIC tokens work with the MATIC blockchain; TRX tokens work on the TRX blockchain or stuff like that. Well, what if there are tokens on a network that doesn't include a burn address on their corresponding network?
Most people use 0x00000000 as their burn address. Basically you can send the scam tokens away, but it costs gas so there is no real need to get rid of them.
Hello, can I ever withdraw my ETH from my meta to Binance? 'Cause I tried to transfer but it wasn't credited, but in my meta it was completed and sent... so where did the ETH go? Huhu😢
Good afternoon everyone, I have a question. My MetaMask account was hacked 3 days ago; one of my NFTs was stolen. I uninstalled my MetaMask and haven't noticed anything else missing. My question is: if I restore my wallet, could this person regain access?
Good question. First things first, uninstalling your metamask doesn't protect you. The hack happened through smart contracts or leaking your private key. Best method is to set up a new wallet (new private key) and transfer everything over.
Hi I just lost 5eth on metamask but I did not even use it for months. Do you think nicehash quickminer can do it cuz my mining computer said something is changed in windows. Also do you think macbook can be hacked cuz i do my trading there?
I do know that using nicehash you have to remove some antivirus functions in your windows. So that is a possibility it was hacked. Was all your wallet gone or just one token?
MacBooks are vulnerable too - though less targeted because fewer people use them when you consider the population of the world. I'd seriously consider a hardware wallet. In comparison to 5 eth, they are dirt cheap.
@jeremydefidance4968 my wallet is still here but the eth r gone. Honestly I have no idea how I got hacked I was just mining. I did not even use the computer for weeks so it was not a link. I didn’t even unlock metamask but it was connected to OpenSea the entire time.
That's so weird! Bummer. I had heard something about an opensea hack, but I'll need to look more into it.
@jeremydefidance4968 yea I know it’s not like I clicked a wrong link. I basically was gone for a month and it got hacked. If you can look into the OpenSea thing that would be nice but thanks either way. It’s a huge loss for me and I don’t even know the reason.
My MetaMask has been hacked, and I cannot deposit BNB to that wallet because it will be lost immediately. How to fix it? Thank you
me too
how can i contract with you
My MetaMask got hacked today. After watching the whole video I can only conclude that it was malware. I don't know which malware and I'm not 100% sure either, 'cause my Windows Defender isn't detecting anything.
Who knew? While talking about scammers they would have the guts to reach out in a comment on this video. This is a perfect example of attack #1
And if malware truly was the cause, I'd recommend a hardware wallet. It's worth it in the long run.
Hi sir, my husband's MetaMask is hacked, can you help us...
I subscribed excellent informative video!
Hi, my computer was hacked when I went to a fake Elephant Money website, connected, then approved some transactions giving the hacker approvals on some transaction in the form of gas fees. I went to Revoke and stopped the transactions I gave approvals for. Question: how do I know I'm free of the hacker who stole $250 from my MetaMask? Any way I can find out if I'm 100% free from this thief?
It sounds like you did everything perfectly. If you revoked all contract approvals then you are good! If you need even more peace of mind then transfer everything to a freshly created wallet.
Now my funds are frozen. Please help me
Has it been resolved?
these are bus soletion and new wallet of transection crypto easy
You forgot to mention that someone could randomly guess your 12 word seed
I'm not sure if this is a joke or not. If it isn't, I'll admit I once had the same question but with a quick Google found it was impossible. Two links you may find interesting. Link one: www.reddit.com/r/BitcoinBeginners/comments/n3ywlg/seed_word_is_like_1224_words_cant_someone_simply/
And link two: www.reddit.com/r/Bitcoin/comments/q2d5qm/think_somebody_can_guess_or_accidentally_get_your/
Just got hacked on Beefy! They were a long-standing, trusted protocol. Their website got hacked. Problem was, this hack allowed them to take coins from chains I wasn't even on! I lost 3/4 of money it took me 2 years to build up.
this is my problem my oll wallet is hacked trustwallet phantom metamask pu ,,,,
One of the most detailed video. Good job done by you. Always pinned your bitcoin address or crypto address so that we can contribute a little bit of appreciation for this deep analysis.
I can’t explain what really happened when I discovered I had been hacked, thanks to ZELLHACK1 and his team for helping me get my money back.
thanks for sharing this