
Introducing MetaMask Money Account
Earn up to 4% APY automatically as you trade, send, and spend. Turn your money on.

Featuring the SES v0.17.0 release landing the "quadruple backflip" evaluator refactor, Socket.dev's disclosure of npm bin script confusion attacks, LavaMoat's new global scuttling defense, and two MetaMask security talks at Devcon VI in Bogota.

Featuring a Consensys study on why MetaMask users fall for phishing, a CircleCI impersonation campaign that bypassed GitHub 2FA, and Twitter-promoted Ethereum Merge scam accounts impersonating Vitalik Buterin and the Ethereum Foundation.

Featuring Merge-themed phishing campaigns impersonating trusted entities to trick users into fake ETH 2.0 conversions, a breakdown of crypto honeypot scam mechanics, LavaMoat-style policy enforcement, and HackerOne bounty program metrics.

So-called "honeypot" scams are a constant on the internet, and are on the rise in the crypto ecosystem.

Featuring LavaMoat's launch of three experimental browser security tools targeting prototype pollution and cross-realm attacks, a fake $UNI airdrop that phished over 73,000 LP addresses, and a YouTube-based MEV frontrunning bot scam.

Take a look at MetaMask's founder portraits to learn more about the minds behind the world's leading self-custodial wallet.

If you’re new to Web3, you might still be getting used to using MetaMask and managing your new online identity and assets.

Learn how to transfer your assets with a secure bridging protocol

Featuring the $120,000 clickjacking bounty awarded to the UGWST, the Halborn "Demonic" vulnerability disclosure affecting browser wallets, plus the deprecation of eth_decrypt and eth_getEncryptionPublicKey.

Endo's import.meta and __dirname implementations for MetaMask's module compatibility, a distributed key generation prototype snap using multi-party computation for MetaMask Flask, and the launch of MetaMask's HackerOne bug bounty program.