
Explore the latest emerging crypto threats and security news: AI agent guardrails, post-quantum cryptography risks, credential theft campaigns, and more.

Each month, MetaMask security guru Luker reports on the latest crypto security risks and emerging threats that you need to know about. Dive into the action below. But first...

American computer scientist and cryptographer Phil Zimmermann created the most widely used email encryption software in the world, Pretty Good Privacy (PGP), which has an open source implementation as well as a commercial one.
We teamed up with CoinFello to launch an Openclaw skill that makes interactions between agents and smart contracts more secure. As CoinFello CEO Brett Cleary put it: "The CoinFello Skill introduces hardware-isolated keys and fine-grained delegations, giving AI agents a secure way to execute transactions while helping bootstrap onchain capabilities for the broader agent ecosystem." We're excited for the future of where permissioned frameworks and MetaMask Smart Accounts will go!

The US Center for AI Standards and Innovation (CAISI), part of the National Institute of Standards and Technology (NIST), issued a request for information (RFI) “seeking insights from industry, academia, and the security community regarding the secure development and deployment of AI agent systems” and the fox answered the call! MetaMask’s parent company, Consensys, filed a comment letter informed by our very own Marco De Rossi, Product Director and AI Lead for MetaMask.
The letter draws on De Rossi’s work co-authoring ERC-8004, an open standard for agent identity and trust that has grown to over 49,000 registered agents since its August 2025 proposal. It urges NIST to distinguish between “agents with unrestricted key custody, and agents operating through revocable, policy-bounded delegations,” and stresses the importance of considering input from the open-source and decentralized technology communities. Read more about it on the Consensys blog.
Yours truly was fortunate enough to join the inaugural darkMode event, and it was the highlight of my ETHDenver experience. If you’ve had some FOMO about it, the Security Alliance’s blog, Radar, has a recap of some of the stand-out talks. MetaMask is especially excited for the premiere screening of Chain Patrol and security researcher @dobsec's documentary, called Lights in Dark Rooms, which was teased in Denver. The documentary exposes the chilling realities behind pig butchering operations, and will debut at EthCC.
Security researcher ZachXBT has discovered a network of X accounts that impersonate influencers and post inflammatory and embellished representations of events related to war and geopolitics. After baiting clicks, the threads turn to promos for crypto scams. This drew refreshed scrutiny to the social media platform despite their recent efforts to deter bot activity and malicious AI use with threats of suspension. Zach argued that bans and legal repercussions would be more fitting.

The implications that quantum computing will have on the internet as we know it have long been theorized—going back to at least 1981—including its potential to break encryption and put private information at risk. (Check out NIST's publication for more background on the topic.)
Quantum computing brings up concerns for both web2 and web3. While Google and IBM have both set 2029 deadlines to address the looming threat, Bitcoin and Ethereum contributors are working on their own internal deadlines to address quantum computing risks to align with web2. The Ethereum Foundation (EF) in particular has created a dedicated post-quantum team.
On March 29, 2026, the Google Quantum AI team published a whitepaper co-authored by EF researcher Justin Drake and Stanford cryptographer Dan Boneh that mapped some of the ways a quantum computer could attack Bitcoin, Ethereum, Solana, and other networks. While the findings are not an automatic death sentence to the cryptocurrency world, the paper reinforces the urgent timeline to address risks.
One piece of the puzzle is the "Harvest Now Decrypt Later" threat to distributed ledgers (e.g., blockchains) already being utilized by malicious actors and detailed by the US Federal Reserve in September 2025. This, coupled with future threats to digital signatures, has sparked heightened concern across the industry.

They say a picture’s worth a thousand words, but thieves didn’t need that many when the recovery phrases for wallets were exposed in a publicly-shared photo. The funds in question were seized during raids on 124 high-value tax evaders. When the government organization celebrated by sharing the photo, it did not realize it contained sensitive information.
This follows a similar incident that occurred in 2021, when Seoul's Gangnam police lost 22 BTC after leaving funds and a seed phrase with a third-party custodian.

Blockchain analytics firm TRM Labs has introduced an AI agent tool designed to help law enforcement investigate illicit cryptocurrency transactions. The tool is embedded in TRM's Forensics service and translates plain-language prompts into complex investigative actions, which the firm hopes will help investigators trace fund flows without highly technical inputs.

The timing is notable. TRM data shows illicit crypto volume hit $158 billion last year, and AI-enabled fraud and scams have surged 500% as bad actors leverage automation, deepfakes, and AI-driven tools to scale operations faster than ever before. "The caseload is growing faster than the workforce, and investigators are being asked to operate across dozens of blockchains, jurisdictions, and typologies simultaneously," said Ari Redbord, head of legal and government affairs at TRM. This tool is meant to help close that gap.
Last month saw several stories in which credentials were targeted, often putting crypto at risk. Here’s a roundup of some that were discovered by researchers:

- Fake Google Security site uses PWA app to steal credentials, MFA codes
- Coruna (aka CryptoWaters) iOS exploit kit targets iPhones running iOS 13–17.2.1, but not the latest iOS
- “The malware scans for crypto wallets, backup phrases, and banking data, exfiltrating sensitive information and loading additional modules from command-and-control servers. It targets numerous cryptocurrency apps, uses encrypted communications, and falls back on a custom domain generation algorithm seeded with “lazarus” to maintain persistence.”
- “A new info-stealing malware called Torg Grabber is stealing sensitive data from 850 browser extensions, more than 700 of them for cryptocurrency wallets.”
- Be skeptical of unsolicited messages, as AI-driven scams now use deepfakes and automation to appear more legitimate
- Verify identities through multiple channels
- Ensure all devices are running the most up-to-date operating systems at all times
- Avoid clicking links on unfamiliar websites, especially those related to financial or crypto services. Hidden iframes are known to deliver exploits
- Understand that password managers (LastPass, 1Password, Bitwarden, etc.) and 2FA tools (Google Authenticator, Authy, etc.) can also be targets; a single infection can compromise multiple layers of security
- Avoid storing sensitive files (seed phrases, recovery codes, account backups) in your Desktop or Documents folders; these locations are specifically scanned by the malware

The rapid advancement of large language models (LLMs) and AI agent frameworks has brought genuine benefits, but they've also introduced a range of security and privacy challenges that we can’t ignore. Like any other tool, these can be wielded for good and evil. Here’s another roundup for you:

- LLMs can unmask pseudonymous users at scale with surprising accuracy
- Windows and macOS Malware Spreads via Fake “Claude Code” Google Ads
- OpenClaw Developers Lured in GitHub Phishing Campaign Targeting Crypto Wallets
- Analyzing the Current State of AI Use in Malware
- CISA: New Langflow flaw actively exploited to hijack AI workflows
- Claude Extension Flaw Enabled Zero-Click XSS Prompt Injection via Any Website

- If you’re concerned about anonymity, regularly delete old posts and rotate identities and accounts
- Avoid ad links and go directly to official project websites
- Be wary of airdrops and token giveaways
- Review extension permissions, remove unnecessary extensions, and make sure extensions are updated
- Never expose AI agent frameworks (like Langflow) directly to the internet
- Rotate API keys and credentials if suspicious activity is detected
- Use traditional allow lists and deny lists for critical security decisions instead of relying on LLM assessment.
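As an added example (not code from MetaMask, CoinFello, or the ERC-8004 standard), here is a JavaScript policy gate that ties together two points from this report: the "revocable, policy-bounded delegations" distinction raised in the NIST comment letter, and the advice above to use traditional allow lists and deny lists for critical security decisions instead of LLM assessment. The delegation shape, the addresses, and the request format are constructed assumptions; the point is that whether the agent's transaction gets signed is decided only by explicit lists, numeric caps, and revocation state, and any "looks safe" verdict an assistant attaches to the request is ignored.

```javascript
// Added example, not MetaMask, CoinFello or ERC-8004 code: a deterministic
// policy gate an agent wallet could run before signing a transaction.
// Decisions come only from explicit allow/deny lists, numeric caps and the
// delegation's revocation/expiry state. An LLM "verdict" riding along with
// the request is deliberately never consulted.

// Constructed sample addresses (placeholders, not real contracts).
const ALLOWED_DEX = "0x" + "ab".repeat(20);
const ALLOWED_TOKEN = "0x" + "cd".repeat(20);
const DENIED_DRAINER = "0x" + "ef".repeat(20);
const UNKNOWN_CONTRACT = "0x" + "12".repeat(20);

// Hypothetical delegation shape: a revocable, policy-bounded grant to an agent.
const SAMPLE_DELEGATION = {
  allowedContracts: new Set([ALLOWED_DEX, ALLOWED_TOKEN]),
  deniedContracts: new Set([DENIED_DRAINER]),
  maxValueWei: 10n ** 17n,        // 0.1 ETH per transaction
  maxTotalWei: 3n * 10n ** 17n,   // 0.3 ETH across the delegation's lifetime
  expiresAt: 1_800_000_000,       // unix seconds
  revoked: false,
};

function normalizeAddress(addr) {
  // Reject anything that is not a 20-byte hex address; compare lower-cased so
  // checksum casing cannot be used to slip past the lists.
  if (typeof addr !== "string" || !/^0x[0-9a-fA-F]{40}$/.test(addr)) return null;
  return addr.toLowerCase();
}

function deny(reason) {
  return { allowed: false, reason };
}

// state = { spentWei: bigint } tracks cumulative spend under this delegation.
function evaluateRequest(delegation, request, state, nowSeconds) {
  if (delegation.revoked) return deny("delegation revoked");
  if (nowSeconds >= delegation.expiresAt) return deny("delegation expired");

  const to = normalizeAddress(request.to);
  if (to === null) return deny("malformed destination address");
  // The deny list wins over the allow list so an emergency block is always honoured.
  if (delegation.deniedContracts.has(to)) return deny("destination on deny list");
  if (!delegation.allowedContracts.has(to)) return deny("destination not on allow list");

  if (typeof request.valueWei !== "bigint" || request.valueWei < 0n) return deny("invalid value");
  if (request.valueWei > delegation.maxValueWei) return deny("exceeds per-transaction cap");
  if (state.spentWei + request.valueWei > delegation.maxTotalWei) return deny("exceeds lifetime cap");

  // request.assistantVerdict (e.g. "looks safe") plays no part in the decision.
  return { allowed: true, reason: "ok" };
}

// Apply the decision: only an allowed request advances the spend counter.
function authorize(delegation, request, state, nowSeconds) {
  const decision = evaluateRequest(delegation, request, state, nowSeconds);
  if (decision.allowed) state.spentWei += request.valueWei;
  return decision;
}

// Stand-alone demo over constructed requests; returns the decisions it printed.
function runDemo() {
  const state = { spentWei: 0n };
  const now = 1_700_000_000;
  const requests = [
    { to: ALLOWED_DEX, valueWei: 5n * 10n ** 16n, assistantVerdict: "looks safe" },
    { to: DENIED_DRAINER, valueWei: 1n, assistantVerdict: "looks safe" },
    { to: UNKNOWN_CONTRACT, valueWei: 1n },
    { to: ALLOWED_TOKEN, valueWei: 2n * 10n ** 17n },
  ];
  const decisions = requests.map((r) => authorize(SAMPLE_DELEGATION, r, state, now));
  decisions.forEach((d, i) => console.log(requests[i].to.slice(0, 8), d));
  return decisions;
}

runDemo();
```

The deny list is checked before the allow list so that an emergency block on a known drainer takes effect even if the same address was previously approved, and the lifetime cap is enforced in addition to the per-transaction cap so a compromised agent cannot drain an account through many small transactions.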
That's all she wrote this month. See you in May. Looking for more crypto security news, novel threats, and emerging risks to watch out for? Head here to peruse previous editions of MetaMask's Crypto Security Reports, and get additional tips for how you can stay safe across the ecosystem.