
Introducing MetaMask Money Account
Earn up to 4% APY automatically as you trade, send, and spend. Turn your money on.

Featuring the Venom Drainer scam-as-a-service that stole $27 million, MetaMask, OpenSea, and Blockaid's new transaction security feature, a multichain drainer targeting longtime crypto users, and Etherscan's move to curb address poisoning.

MetaMask’s Buy Crypto aggregator finds a new home in the comprehensive dapp for a simple purchasing journey.

Featuring a surge in airdrop scams that exploited fake giveaway hype to phish users, roughly 2,400 wallets targeted before the Arbitrum airdrop, a Cloudflare Global API key warning for web3 teams, and EthDenver talks on Delegatable and JavaScript realms.

With its latest updates, MetaMask Mobile App improves load times, browser navigation, and account connectivity; MetaMask Extension enhances the onboarding experience.

Featuring MetaMask disabling eth_sign by default as the Monkey Drainer phishing group shuts down, a Namecheap/SendGrid breach behind MetaMask-branded phishing emails, a Google Fi SIM-swap hack, and a fake EthDenver site tied to a phishing wallet.

Featuring address poisoning attacks that exploit lookalike wallet addresses, a deep dive on read-only reentrancy as an emerging DeFi attack vector, LavaMoat's new LavaTube object-graph tool, and RATs hidden in fake game downloads.

Featuring the Lazarus Group's new AppleJeus malware in fake crypto apps, a social engineering scam netting 14 Bored Apes worth $1.07 million, LavaMoat's bin confusion mitigation, and a year-end wrap covering PhishFort takedowns and the MobyMask launch.

Featuring LavaMoat's rollout of Snow and global scuttling to the MetaMask Extension, the case for integrating Snow into MetaMask, a Twitter Space on Snaps and self-custody after the FTX collapse, and Google Sites and Telegram trading bot scams.

MobyMask, a new initiative from the MetaMask team to help proactively protect users from phishing, uses a dynamic web of trust for sourcing phishing reporters.

LavaMoat is a set of security tools for any JavaScript app to mitigate software supply risks.