In the rapidly evolving landscape of digital assets, the security of our institutional users’ investments and operations is paramount. Security for our users is a core value held across Consensys. We are deeply intentional about how we design, architect and build our software and security is embedded into the fabric of the creation of our products. Notably, MetaMask Institutional (MMI) exemplifies our commitment to delivering unparalleled security measures and protections for our users across our product suite.

Let’s look at how MMI safeguards the interests of its users.

MMI Extension: A Beacon of Security

Contrary to misconceptions, the MMI extension is not a fork of MetaMask. MMI and MetaMask are the same code base, which is continuously updated, maintained and innovated upon by over a hundred engineers with top-tier expertise and experience within the blockchain ecosystem.

The MMI Extension has code that is unique to the blue fox, enabling direct connections to custodians. Our custodian API and backend services have also been penetration tested to ensure our architecture is safe and secure. Let’s see how they work: When a user transacts in the MMI extension, the transaction payload is sent to the custodian for approval and signing. After transaction broadcasting, we receive transaction status updates from the custodian via our backend infrastructure (namely a webhook API and a websocket API). These backend services allow for the Extension to be updated with the transaction status. A user therefore receives updates if the transaction is pending, sent, signed or mined.

The way to envision these backend services and the role they play is to think of a high-speed highway built to take fast and large traffic (transaction details) from the custodian to a user’s Extension instance. However, these backend services have also been made fault-tolerant. If they were to go down for any reason, we have included polling from the Extension itself. Hence, to continue the metaphor, if the highway was down for any reason, we have built another backup road to ensure the Extension fetches the traffic itself from the custodian. The goal of this design was to make sure that the MMI Extension could function independently for our users regardless of our infrastructure. Therefore ensuring accurate reflection of the transaction lifecycle.

By also connecting to custodians, we offer organisations unrivalled key management solutions that suit their organisational needs. These solutions empower entities to add policy settings and implement multiple signers and approvers to every transaction, bolstering transaction security.

We also offer MetaMask snaps in MMI, giving institutions the most extensive array of transaction insights. Snaps are features and functionalities, built by third parties, that allow users to customize their MetaMask wallet. The latest version of MetaMask Institutional, Extension 11.4 and up, allows users to select from a range of Transaction Insights Snaps and Notification Snaps to extend the capabilities of their MMI wallet. For instance, when executing trades on Decentralized Exchanges, users can now access comprehensive data that spans from potential smart contract vulnerabilities to projected input and output amounts using transaction simulation. This enhancement substantially aids crypto hedge funds by providing an in-depth understanding of the risks involved before submitting the transaction for signing.

Lastly, Blockaid has been natively built into the MetaMask/MMI extension. This means users receive native transaction insights protection from the extension. By opting in, users can enhance their security with alerts leveraging a unique privacy-preserving feature that simulates a transaction before signing and alerts them to scams. The alerts are currently available on Ethereum Mainnet. You can learn more about how to set up these alerts in your wallet here.

Portfolio Dashboard: Insightful and Secure

MMI’s portfolio dashboard is engineered with the highest security standards, powered by several internally developed APIs, including our customer API. These APIs ensure organisations can customise and control their data and permissions across their teams. Our Customer API, having undergone rigorous penetration testing, reflects our unwavering commitment to security. While primarily a read tool, the dashboard does offer the ability to transact. All transactions are first confirmed in the Extension and then approved through a user’s custodian.

Exceptional Customer Support

Understanding the critical nature of swift support in the digital asset domain, MMI prides itself on offering industry-leading customer support for our users. Our service-level agreement guarantees a response time of four hours, ensuring that our users’ concerns and issues are addressed promptly. Our users can also have direct Telegram groups with the sales, product and engineering teams, streamlining the resolution process and enhancing user satisfaction.

Certified Security Excellence

Reflecting our dedication to adopting and exceeding industry-standard protocols, MMI has achieved the SOC II Type 1 certification and is currently on the path toward SOC II Type 2 compliance.

In addition, Consensys has secured the ISO27001 standard, affirming our rigorous security measures and commitment to safeguarding user data and assets.

Conclusion

At MMI, and Consensys at large, security is not just a feature – it’s a cornerstone of our philosophy and product design. Through advanced technologies, comprehensive testing, and unwavering commitment to our users, we continue to set the standard for security in the digital asset space, ensuring that our institutional users can operate with confidence and peace of mind.