Each month, MetaMask Security Director Luker reports on the latest crypto attacks and emerging risks that you need to know about.
December 2023 attacks included the KyberSwap exploiter demanding executive control of the protocol in exchange for returning $46 million, an $87 million drain of the HECO bridge on Justin Sun's HTX exchange, and the Ledger Connect Kit software supply chain attack drain over $610,000 from users. Expanding proactive, customizable wallet protections, MetaMask expanded to 12 security Snaps in the open beta. To combat emerging threats, MetaMask joined the Blockchain Association Policy Summit, and Tether began blocklisting OFAC-listed addresses. The full breakdown is below, but first...
Featured STEM pioneer: John Nash, mathematician who founded modern game theory
John Nash (1928–2015) was an American mathematician known for his fundamental contributions to game theory, including the Nash equilibrium. He received the Nobel Memorial Prize in Economic Sciences in 1994 and the Abel Prize in 2015. Game theory—the study of how rational actors behave when their outcomes depend on one another—sits at the heart of the crypto-economic incentive design that keeps decentralized networks secure.
LavaMoat and the Ledger Connect Kit supply chain attack
An supply chain attack on Ledger Connect Kit was estimated by researcher ZachXBT to have drained over $610,000 from users. For a closer look at what happened, why dependency management matters, and how LavaMoat can make products safer against this class of attack, MetaMask co-founder Kumavis published a full write-up. In his full write-up, MetaMask co-founder Kumavis explains how LavaMoat defends against this class of attack by granting each dependency only the capabilities it needs and blocking packages from loading new code at runtime, a protection that scanners flagging known issues alone can't offer.
Guard your wallet with 12 new MetaMask Security Snaps
MetaMask Snaps are customizable add-ons that extend wallet functionality. Twelve security Snaps are now available in the Snaps Directory via open beta
Wallet Guard: protects crypto with transaction insights and proactive security alerts
Web3 Security: integrates AnChain's AI-powered Blockchain Ecosystem Intelligence scores into MetaMask
Tenderly TX Preview: previews transactions before sending them onchain to surface insights, avoid failures, and save funds
Kleros Scout: retrieves transaction insights using contract metadata from the Kleros Curate registries
Forta: automatically scans the addresses in a pre-signed transaction against Forta's database of known scammers
Blockfence: helps evaluate the safety of a transaction before approving it
Saferoot: intercepts dangerous transactions in real time and instantly moves assets to safety
Assets Risk Detection: detects risks to user assets with GoPlus Security
TM ChainSafer: offers transaction insight and a security assessment to highlight transaction risk
Web3 Antivirus: flags scams and risks such as honeypots and poisoning attacks
Quick Intel: real-time token risk analysis across 28 blockchains
Dedaub: simulates transactions, verifies the reputation of the accounts involved, and calculates financial impact
Learn more about MetaMask Snaps and add security Snaps to your wallet.
Taylor Monahan on North Korean hackers and crypto policy at the Blockchain Association Policy Summit
At the Blockchain Association Policy Summit, MetaMask Security's Taylor Monahan joined Consensys attorney Bill Hughes and a panel of experts from US agencies including the DOJ, FBI, and FinCEN to discuss North Korean hackers and crypto policy. A few takeaways from the full panel.
How the money is made: North Korea generates crypto revenue both by hacking networks and by deploying IT workers abroad who route their pay back to the regime.
How it moves: stolen funds are laundered through increasingly sophisticated tactics, including mixers and overseas networks, which is why a Bitcoin mixer was among the sanctions discussed.
How it gets caught: blockchain analytics, monitorship, and cross-agency law enforcement are central to tracing, freezing, and seizing these assets.
What the industry can do: the panel closed on the crypto space's own role, from compliance and monitoring to working alongside law enforcement.
How MetaMask’s LavaMoat protects against supply chain attacks
Christian Montoya joined Web3 Antivirus for an X Space on how LavaMoat can protect against supply chain attacks like the Ledger incident, the Decentralized Infrastructure Network (DIN) being built by Infura, the dangers of eth_sign, and MetaMask Snaps.
Dissecting crypto scams and who is to blame
Taylor Monahan also sat down with Chris Blec for a wide-ranging crypto conversation covering how MetaMask makes UX security decisions, whether most hacks are the fault of users themselves, and how scam rumors get started.
KyberSwap exploiter demands control of protocol in exchange for return of $46 million in stolen assets
The hacker behind the $46 million KyberSwap exploit demanded "complete executive control" over the KyberSwap protocol in exchange for returning the stolen funds. In an onchain message, the hacker's conditions included full authority over the KyberDAO governance mechanism and ownership of all company-related documents and assets, along with promises to double employees' salaries, provide a 12-month severance package, and ensure tokenholders' investments wouldn't be worthless. With negotiations and law enforcement investigations ongoing, users should be wary of scammers claiming to represent the KyberSwap team, follow KyberSwap's official channels for updates, and never invest more than they're willing to lose, since there's always risk in entrusting tokens to a third party.
HECO bridge on HTX exchange drained for ~$87 million
The HTX exchange (formerly Huobi) suffered a breach that lost approximately $87 million in crypto assets when the bridge between HTX and Ethereum was exploited, moving large amounts of ether (ETH), tether (USDT), and wrapped bitcoin (HBTC) to an unused Ethereum wallet. Security firms CertiK, PeckShield, and Cyvers suggested the bridge's Private Key was likely compromised, and HTX Global's two hot wallets also lost funds. The incident follows a pattern of security issues at projects tied to HTX board member Justin Sun, including the recent ~$100 million Poloniex exploit at an exchange he also acquired. Whether the two attacks are directly related is unconfirmed. Sun stated that "HTX will fully compensate for HTX's hot wallet losses" and that funds in HTX are secure. Protocol operators are reminded to take wallet security and monitoring seriously, including multi-signature (multisig) wallets and strong Private Key management for non-multisig wallets.
Tether begins blocklisting OFAC-listed addresses
Tether introduced a new policy to strengthen ecosystem security by voluntarily blocklisting USDT addresses on the US OFAC Specially Designated Nationals (SDN) list, aligning its stablecoin more closely with sanctions enforcement.
MetaMask's December 2023 Crypto Security Report covered the KyberSwap exploiter's demand for control of the protocol in exchange for $46 million, a ~$87 million HECO bridge hack on Justin Sun's HTX exchange, and the Ledger Connect Kit software supply chain attack that drained over $610,000. Browse previous editions of the MetaMask Crypto Security Report for more threats, trends, and tips for staying safe across the ecosystem.