Recently, it has been widely rumored on the Internet that hackers have emptied the wallets of a large number of cryptocurrency users, and they have selected veterans in the currency circle to start. Since December last year, they have stolen more than 5,000 Ethereum coins. Later, it was even reported that the reason for the incident was “The private key of the MetaMask wallet was leaked on a large scale”, causing panic in the industry overnight, and making information security experts puzzled.
Taylor Monahan, the founder of the Ethereum wallet management company MyCrypto, posted yesterday (18) that she found that since December last year, a large number of encrypted wallets have been stolen, and the estimated loss is more than 5,000 Ethereum, worth tens of millions of dollars.
She added that no one knows about the hackers’ intrusion methods and attack methods, but what they have in common is that the victims are mainly senior people rather than novices in the currency circle, and the private keys of the stolen wallets are Created between 2014 and 2022.
Taylor Monahan advises users not to keep all encrypted assets in the same wallet for a long time, but to store them separately and use cold wallets as much as possible.
Although Taylor Monahan only stated in the post that “a large number of wallets have been stolen”, they did not know that the news became more and more biased later, making many people mistakenly believe that the attack breach was “MetaMask is not safe” and “MetaMask wallet private keys were leaked on a large scale” .
In this regard, the SlowMist security team tracked and found that there was no sign or evidence that the stolen wallets belonged to the same wallet provider or platform.
Yu Xian, the founder of SlowMist, also said that the reasonable explanation is that the private keys were indiscriminately collected together in some databases, and hackers gradually discovered that there were private keys in these data. He also emphasized that spreading rumors that MetaMask is not safe is a rumor.
On the other hand, the official team of MetaMask also responded that the reason for the theft of the above-mentioned users was not because of any loopholes in MetaMask, and that the statement that “5,000 Ethereum was stolen due to the hacking of MetaMask” was incorrect.
In this incident, the victims “were not limited to MetaMask users,” the team said. The data shows that the 5,000 ETH was stolen from different addresses on 11 blockchains.
MetaMask finally stated that the security team is working with other experts in the field of Web3 wallets to study the source of this vulnerability, and appealed not to store annotations online and use cold wallets more.
