MetaMask enables privacy-preserving security alerts with Blockaid to protect users and flag malicious dapps

The new security alert comes with a unique privacy-preserving feature that simulates transactions to help protect you against bad actors.

by Megan Dias, Ian Wallis | November 2, 2023

Security and privacy are well-known web3 pillars, but delivering both effectively, without compromising on one or the other, has been harder than anticipated. Until now, most security features required data to be shared with third parties for validation to provide alerts. With this new feature, MetaMask just became the first crypto wallet that allows you to choose both privacy and security when enabling alerts.

Together with Blockaid, we’ve developed a unique privacy-preserving feature that simulates a transaction before signing and alerts you to scams. The new enhanced security alert (previously tested with the OpenSea feature) is opt-in and currently available on Ethereum Mainnet. You can toggle it on under “Settings” in the “Experimental” tab to validate your transactions before confirming them.

This unique functionality sets a new standard for security in web3 while eliminating the need to share user data with third parties. To learn more about this feature and how it works, check out our knowledge base article.

Detecting and preventing scams before they spread

When Vitalik’s Twitter account got hacked last month, Blockaid’s system detected the malicious dapp 24 hours before the tweet went live. Users who had Blockaid’s protection enabled in their wallets were alerted as soon as they connected to the dapp and additionally when they were asked to sign a transaction from the phishing site. This feature helped protect over $100k worth of assets from being stolen.

Similarly, when Uniswap founder Hayden Adams’s Twitter account got hacked, this technology was able to detect the dapp and flag it as malicious in MetaMask and Blockaid’s joint OpenSea experimental feature.

We hope there won’t be a next time for phishing and scams on this scale, but with Blockaid estimating that 1 in 10 dapps created are malicious, there will be.

Unintended transaction outcomes, that is, approving transactions that do something you didn’t intend, have ranked among the most common causes of fund loss incidents within MetaMask. Examples include transferring all your ETH to someone, selling a valuable NFT for nothing, and allowing someone to withdraw all your funds.

In April 2023 we introduced an experimental opt-in OpenSea alert that helped secure $500M of assets that could have been compromised. Due to the success of this experiment, we suspect that this evolved privacy-preserving security alert from MetaMask and Blockaid will help prevent billions of dollars’ worth of assets from being pillaged.

We’re thrilled to share this feature directly in MetaMask to help protect our users’ assets and prevent unintended transaction outcomes.

Defense in depth: Snaps, phishing detection, triage, and education

With security being a top priority at MetaMask, we take a multi-pronged approach to our defense strategy. Last month saw the monumental release of MetaMask Snaps with a whole trove of community-built features designed to provide transaction insights. These features are built by community developers to extend MetaMask’s capabilities and shield your wallet, complementing MetaMask’s underlying infrastructure and new security features.

By providing you with critical information before confirming transactions, Snaps add extra layers of protection to your wallet instead of relying on one single functionality.

In addition to Snaps, we’re working to expand the coverage of the MetaMask Phishing Detect list. This list flags malicious dapps before you even try to connect your wallet, and our team is constantly researching new types of scam activity and working with our partners to address them.

Our MetaMask Support team is working closely with a selection of tools and other partners to help triage issues reported by users and quickly respond when someone has lost their assets.

Finally, we believe education is important to avoid scams. Initiatives like MetaMask Learn provide a free educational platform to those new to or interested in web3, with short, engaging lessons like this Security module that helps detect bad actors and reinforces the principle of never sharing your Secret Recovery Phrase (SRP) with anyone. Our monthly security reports also provide comprehensive updates from our team that keep up with the evolving security landscape day in and day out.

Prioritizing innovation, privacy, and security with multiple layers

Whether it’s privacy-preserving alerts, threat detection, or novel trust paradigms, we’re continuously working with web3 partners to examine new opportunities, angles, and approaches to security. We’re committed to providing a breadth of choice for you to shield your wallet. Protecting MetaMask users is a guiding principle and we’re excited to keep working with the entire web3 ecosystem to make this space safe while staying true to our core ethos of decentralization, privacy, and security.

We hope you enjoy the new security alert that helps you detect malicious dapps. Toggle it on in Settings under the “Experimental” tab to start validating your transactions!
