Each month, MetaMask Security Director Luker reports on the latest crypto attacks and emerging risks that you need to know about.
November 2023 saw a string of high-value incidents and attacks online and in person. Tether froze 225 million USDT tied to a human trafficking syndicate behind global pig butchering scams, while Justin Sun's Poloniex lost over $130 million in a suspected private key compromise. In Montenegro, crypto executives were abducted and forced to empty roughly $12.5 million in wallets. MetaMask Security’s Taylor Monahan also connected with ZachXBT to dig into crypto losses linked to the LastPass breach. MetaMask's LavaMoat tool shipped an update that adds SES lockdown to its webpack plugin automatically. The full breakdown is below, but first...
Featured STEM pioneer: Satyendra Nath Bose, physicist behind Bose-Einstein statistics
Satyendra Nath Bose (1894–1974) was an Indian physicist whose 1924 work laid the foundation for Bose-Einstein statistics and, with Albert Einstein, the theory of the Bose-Einstein condensate. The class of particles known as bosons is named after him. His contribution shows how foundational, carefully reasoned theory can quietly underpin technologies and ideas far beyond its original moment.
MetaMask continues efforts to combat DNS hijacking with allowlist initiative, issues call to developers
Over the past three years, more than $125 million has been extracted through DNS hijacking and malicious content injection. To reactively and proactively mitigate these threats, MetaMask is adopting a blockchain-call-data allowlist solution via Yearn.. Developers can review the proposal and feedback form and share their input.
Enabling MetaMask security alerts and additional Snaps that strengthen wallet protections
MetaMask reminded users to opt in to its Blockaid-powered security alerts by going to Settings > Experimental and enabling the feature to validate transactions before confirmation. As MetaMask noted, Transaction Insights Snaps complement the Blockaid alerts to add another layer of protection to a wallet.
(Editor’s note: Blockaid-powered security alerts are now integrated natively within MetaMask.)
Security experts continue investigation of crypto losses from the LastPass attack
MetaMask Security’s Taylor Monahan teamed up with ZachXBT to investigate crypto losses connected to the LastPass breach. According to their research, the threat actors are believed to be cracking stolen password vaults to reach stored wallet passphrases, credentials, and Private Keys—a continuation of the pattern Monahan has tracked since the breach first occurred.
Ian Wallis presents "Security Considerations in Web3" at ZuConnect
MetaMask's Ian Wallis presented at Zuzalu's ZuConnect event in Istanbul, sharing a "Security Considerations in Web3" slide deck on the security trade-offs that come with building and using web3 applications.
LavaMoat update: automatic SES lockdown in the webpack plugin, and a conference tour
LavaMoat released an update to @lavamoat/webpack with a convenience improvement: it now adds the SES lockdown to the resulting dist automatically and provides an opt in helper that integrates with html-webpack-plugin to embed it in the default HTML template. Feedback and support are available in the LavaMoat discussion thread. The team also stayed on tour with an in-person defensive coding and LavaMoat intro workshop at NodeConfEU, and the React Advanced recording is now publicly available.
Tether freezes 225 million USDT tied to a pig butchering syndicate
OKX, Tether, Chainalysis, ZachXBT, and the US Department of Justice collaborated to freeze 225 million USDT linked to a human trafficking syndicate responsible for global pig butchering scams—the largest token freeze Tether has performed to date, with plans to work with lawful end users to unfreeze their wallets. To avoid pig butchering and romance scams: treat offers that seem too good to be true as suspect, be wary of unsolicited contact from strangers asking to exchange or send money (including online relationships with people never met in person), and start a chat with MetaMask Support anytime if something feels off. The FTC also has guidance on recognizing romance scams.
Poloniex loses over $130 million and offers a $10 million bounty
Justin Sun's centralized exchange Poloniex suffered a suspected Private key Compromise in early November 2023, losing over $130 million—one of the largest hacks of the year. The Poloniex team reported that they identified the attacker, and offered a $10 million bounty if the funds are returned, with law enforcement threatening action otherwise. Poloniex also announced that funds would be restored to affected users. As this attack underscores, when your assets sit on a centralized exchange, you don't control or secure your own Private Keys—the platform does, which means its compromise can become your loss. That's why secure, self-custodial storage matters when you're managing your own funds: with a self-custodial wallet, only you hold the keys, and no exchange breach can hand them over. In practice, that means withdrawing tokens you don't actively need off exchanges, keeping large or higher-risk holdings on a cold wallet and smaller, everyday amounts on a software wallet such as MetaMask, and remembering the adage this incident keeps proving true—"not your keys, not your coins."
Crypto executives abducted in Montenegro and forced to empty ~$12.5 million in wallets
On November 11, 2023, Binance's CZ reported that executives from a client were lured on a "business trip" to Montenegro, where they were abducted and forced to empty their wallets, losing roughly $12.5 million. Binance traced the stolen funds on-chain and worked with partners to freeze the wallet they were moved into.
A few habits make you a harder target. Keep your crypto holdings private, sharing only with those who strictly need to know, since visibility raises your threat profile. Diversify across storage that fits your usage—pair MetaMask's self-custodial wallet with a supported hardware wallet for everyday activity, and consider multisig or paper wallets that aren't tied to your identity for larger reserves. Keep geographic distance and good operational security between multisig keyholders, and avoid carrying access to more funds than you need on devices you travel with.
MetaMask's November 2023 Crypto Security Report covered Tether's freeze of 225 million USDT tied to a pig butchering syndicate, the over-$130 million Poloniex hack and its $10 million bounty, and the abduction of executives in Montenegro who were forced to empty roughly $12.5 million in wallets. Browse previous editions of the MetaMask Crypto Security Report for more threats, trends, and tips for staying safe across the ecosystem.