MetaMask Security Alerts by Blockaid: the new normal for a safer transaction experience

MetaMask Security Alerts is now the default transaction feature for Extension and Mobile users across multiple networks. We collaborated with Blockaid on making this feature unique by adding a level of privacy so that the transaction is never shared with third parties when offering necessary scam alerts.

We launched the security alerts in October 2023 under “Experimental” settings for Extension users on Ethereum only. After a successful period, we’re excited to roll this out as default across more networks to Mobile and Extension users for a safer transacting experience. We anticipate this integration will save assets worth hundreds of millions of dollars this year alone.

Source: Blockaid

What networks are supported?

Make sure your Extension and Mobile apps are updated to the latest version (v11.10 and v7.17 respectively) to enjoy security coverage across these networks:

1. Ethereum
2. Linea
3. BNB chain
4. Polygon
5. Arbitrum
6. Optimism
7. Avalanche

Increased user adoption = increased security measures

We witnessed a surge of people installing and using MetaMask in the last quarter. From September 2023 until January 2024, MetaMask's Monthly Active Users surged by +55%, signifying a crucial phase for web3.

While it’s a promising sign of growing web3 adoption, we need to ensure that our users are equipped to keep journeying through this burgeoning crypto space because the scammers don’t sleep.

Attack vectors affecting DeFi are sophisticated and diverse, with hackers exploiting both on-chain and off-chain vulnerabilities. In particular, the compromise of private keys, price manipulation attacks, and smart contract exploitation drove DeFi hacking losses in 2023. pic.twitter.com/7ZShsNjL8t

— Chainalysis (@chainalysis) January 24, 2024

Since December alone we’ve seen many high profile attacks in the industry. During the Ledger Connect Kit incident, nearly 100 frontend dapps were compromised yet every MetaMask user who opted into the Blockaid security alerts was 100% protected, preventing ~$1.15M worth of assets from being stolen.

Unintended transaction outcomes (like unwittingly approving a transaction from a phisher that drains your wallet) remain one of the top fund loss incidents reported by our users. We hope implementing these security alerts helps safeguard you from diverse attack vectors.

Additional ways to practice good security hygiene

Self-custody is a big responsibility. Since you’re ultimately in charge of your account, you’re the only one who can manage dapp permissions and sign transactions. Stay informed and vigilant against scammers!

While we can implement all the tools in the world to try and keep you as safe as possible (which we are), good security hygiene is paramount to navigating this (sometimes scary) maze.

• We have a dedicated team at MetaMask who keep up with the latest attack vectors and publish security reports each month. Read them for a deeper dive and to know what to look out for.
• Install Security Snaps! Your wallet can never have too many shields. Browse and install community-built features here.
• Educate your friends getting into web3. MetaMask Learn provides a good high-level overview of the basics, and puts them to the test with this interactive security lesson. Build better habits together.
• If you’re a developer, learn how open source tool LavaMoat offers triple-point protection in the software development cycle and add it to your build system in just 1 hour to defend your app from an attack.

Just last year, over $1.7 billion of crypto was stolen. Don’t be part of a stat this year. Remember, when in doubt, just don’t interact.

Establishing new security standards

A 2023 survey conducted by Morning Consult for Consensys revealed that 76% of participants prioritize security when selecting a wallet. Just as the transition from HTTP to HTTPS introduced a security standard that protected users and built trust in the internet, the web3 ecosystem needs similar protective measures tailored to our unique environment. This involves tools and protocols that alert users to potential security risks associated with certain dapps—Blockaid’s research finds that 1 in 10 dapps are malicious—ensuring that only secure and verified transactions take place.

For web3 to move beyond this interesting corner of the internet and become mainstream, users need to feel confident that their assets and data are secure. Help us improve this feature by reporting false positives.

We hope you enjoy the new transaction experience! Stay safe out there.