MetaMask Security Monthly: October 2024

Our October security update covers DPRK IT workers hiding inside web3 companies, a story that has stolen headlines this spooky season, what we’re doing to keep you safe from dangers like this, and more.

by Luker, November 1, 2024


Robert Ettinger, author of The Prospect of Immortality, is credited as "the father of cryonics." His body is still cryopreserved, following his death in 2011.

🦊 What We’ve Been Up To 🦊

MetaMask integrates with NGRAVE to enhance security for web3 users

MetaMask has integrated with NGRAVE, creator of the "coldest hardware wallet", ZERO. This collaboration means MetaMask users can now enjoy the robust protection of NGRAVE's technology, ensuring peace of mind while navigating the world of web3.

“We are excited to partner with NGRAVE to provide our users with another highly secure option for managing their crypto and engaging with the Web3 ecosystem,” shares MetaMask Group Product Manager Alex Jupiter. “MetaMask is all about giving users control over their digital assets, and this integration further empowers them to do so in a way that combines security and convenience.”

MetaMask and ChainPatrol protect users with phishing warnings

MetaMask Security employs a multi-pronged approach to keeping users safe, including a Warning Page that tells you when you’re about to interact with a known malicious URL. This warning is powered by Eth-Phishing-Detect with the help of ChainPatrol, the Security Alliance (SEAL), and over 100 community members providing threat intelligence.
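To show how a list-driven warning of this kind works, here is an added illustration (not Eth-Phishing-Detect’s own code, and not from this post): an exact-match allowlist and blocklist, plus a fuzzy list that catches lookalike hostnames by edit distance. The domains and the tolerance value are constructed sample data.

```javascript
// Added illustration of a blocklist/fuzzylist phishing check, a simplified
// model of the approach the newsletter credits to Eth-Phishing-Detect; this
// is not the library's code, and the lists below are constructed samples.
const ALLOWLIST = ["metamask.io", "linea.build"];       // exact match: trusted
const BLOCKLIST = ["metamask-wallet-restore.example"]; // exact match: blocked
const FUZZYLIST = ["metamask.io", "linea.build"];       // brands to guard
const TOLERANCE = 2;                                     // max edit distance

// Levenshtein edit distance, single-row dynamic programming.
function levenshtein(a, b) {
  const row = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    let diag = row[0];
    row[0] = i;
    for (let j = 1; j <= b.length; j++) {
      const above = row[j];
      row[j] = Math.min(above + 1, row[j - 1] + 1, diag + (a[i - 1] === b[j - 1] ? 0 : 1));
      diag = above;
    }
  }
  return row[b.length];
}

// Lowercase, drop any port, drop a leading "www.".
function normalizeHost(host) {
  return host.toLowerCase().split(":")[0].replace(/^www\./, "");
}

// True if host equals a listed domain or is a subdomain of one.
function matchesList(host, list) {
  return list.some((d) => host === d || host.endsWith("." + d));
}

// Classify a hostname: "allowlist", "blocklist", "fuzzy" (lookalike of a
// protected brand, with the brand in `match`) or "none".
function checkDomain(hostname) {
  const host = normalizeHost(hostname);
  if (matchesList(host, ALLOWLIST)) return { type: "allowlist", match: null };
  if (matchesList(host, BLOCKLIST)) return { type: "blocklist", match: null };
  // Strip dots and hyphens so "meta-mask.io" or "metamask.i0" land near the brand.
  const squashed = host.replace(/[^a-z0-9]/g, "");
  for (const brand of FUZZYLIST) {
    const target = brand.replace(/[^a-z0-9]/g, "");
    if (levenshtein(squashed, target) <= TOLERANCE) return { type: "fuzzy", match: brand };
  }
  return { type: "none", match: null };
}
```

A real deployment would also need list updates and an allowlist check ahead of the fuzzy match, as above, so that legitimate brand domains are never flagged as lookalikes of themselves.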

Additionally, ChainPatrol is tirelessly helping take down malicious sites that impersonate Consensys brands, including MetaMask and Linea, to further protect users. ChainPatrol offers a public search page to increase visibility, allowing users to check blocklist statuses across various crypto security systems, access detailed reports, and understand the reasons behind the blocking of specific domains.


🎙️ MetaMask in the security ecosystem 🔎

MetaMask ranks #1 on Coinspect’s top 5 most secure wallets!



We're proud of ourselves, and wanted to share the news! The Security Score, ranging from 0 to 100, is based on four wallet security checklists: dapp permissions, intent verification, physical access, and threat prevention.

MetaMask's Taylor Monahan joins Unchained to talk about North Koreans infiltrating crypto



DPRK operatives are infiltrating the crypto industry to fund the regime’s nuclear program, getting hired at crypto companies and stealing funds. The latest Unchained podcast episode features insights from Taylor Monahan, lead security researcher at MetaMask, and Sam Kessler, CoinDesk’s deputy managing editor for tech and protocols. They discuss the methods North Koreans use to embed themselves within the crypto space, the red flags companies should watch out for, and how these operatives use blockchain technology to anonymize transactions.


Meanwhile...

US sanctions crypto exchanges used by Russian ransomware gangs



The U.S. Treasury’s Office of Foreign Assets Control (OFAC) recently sanctioned two crypto exchanges, Cryptex and PM2BTC, linked to laundering funds for Russian ransomware gangs and cybercriminals. Cryptex processed over $51 million tied to ransomware, while PM2BTC enabled currency conversions for sanctioned Russian entities. These sanctions aim to disrupt financial networks supporting Russian cybercrime, and prevent U.S. entities from transacting with these exchanges.

Minimum Viable OPSEC checklist from Plainshift



“Recently, it’s become apparent to me once more just how poor the state of operational security in the blockchain industry is,” begins this in-depth article. And honestly, it’s hard to argue against this hot take. The entire article is definitely worth a read, but the author, who goes by the handle Sleepy, was kind enough to also create a checklist if you’re short on time.

⚠️ Tales of caution ⚠️

Radiant Capital suffered a $50 million breach

Summary

Radiant Capital suffered a $50 million loss due to a sophisticated security breach targeting their development team. Attackers compromised developers' devices with malware to execute unauthorized transactions. This incident, aimed squarely at the development team, emphasizes the extreme measures threat actors will take, and the importance of vigilance in following cybersecurity best practices.

How Users Can Protect Themselves

To enhance personal security and mitigate the risk of similar attacks, users should:

  1. Avoid blind signing: Always understand and verify the details of any transaction before signing, especially when using hardware wallets. Blind signing can expose users to unauthorized transactions crafted by attackers.

  2. Follow official announcements: Stay updated with official communications from trusted platforms. Official announcements are crucial
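To make the blind-signing point concrete, here is an added example (not from this post, Radiant, or MetaMask) that decodes the calldata of a pending token transaction into the function and arguments a signer should be checking, and flags the patterns that deserve a second look: an unlimited allowance, a spender outside a trusted list, or a selector the tool does not recognise at all. The four selectors are the standard ERC-20/ERC-721 ones; the trusted-spender list and any sample calldata are constructed.

```javascript
// Added illustration (not from the newsletter or MetaMask): decode the
// calldata behind a pending transaction so the signer sees what it does
// rather than approving an opaque hash. Selectors are standard ERC-20/721.
const MAX_UINT256 = (1n << 256n) - 1n;
const SELECTORS = {
  "0x095ea7b3": "approve(address,uint256)",
  "0xa9059cbb": "transfer(address,uint256)",
  "0x23b872dd": "transferFrom(address,address,uint256)",
  "0xa22cb465": "setApprovalForAll(address,bool)",
};

// Read the n-th (0-based) 32-byte ABI word after the 4-byte selector.
function word(data, n) {
  const start = 10 + n * 64; // "0x" plus 8 hex chars of selector
  const hex = data.slice(start, start + 64);
  if (hex.length !== 64) throw new Error("truncated calldata");
  return BigInt("0x" + hex);
}
// Low 20 bytes of a word, rendered as a lowercase 0x address.
function toAddress(w) {
  return "0x" + w.toString(16).padStart(40, "0").slice(-40);
}
// Returns { fn, args, warnings }; fn is null for an unknown selector.
// trustedSpenders is a constructed allowlist supplied by the caller.
function decodeCalldata(data, trustedSpenders = []) {
  const fn = SELECTORS[data.slice(0, 10).toLowerCase()] ?? null;
  const args = {};
  const warnings = [];
  if (fn === null) {
    warnings.push("unknown function selector; do not sign blind");
  } else if (fn.startsWith("approve")) {
    args.spender = toAddress(word(data, 0));
    args.amount = word(data, 1);
    if (args.amount === MAX_UINT256) warnings.push("unlimited token allowance");
    if (!trustedSpenders.includes(args.spender)) warnings.push("spender not in trusted list");
  } else if (fn.startsWith("setApprovalForAll")) {
    args.operator = toAddress(word(data, 0));
    args.approved = word(data, 1) === 1n;
    if (args.approved) warnings.push("operator gains control of every token in the collection");
  } else if (fn.startsWith("transfer(")) {
    args.to = toAddress(word(data, 0));
    args.amount = word(data, 1);
  } else { // transferFrom(address,address,uint256)
    args.from = toAddress(word(data, 0));
    args.to = toAddress(word(data, 1));
    args.amount = word(data, 2);
  }
  return { fn, args, warnings };
}
```

Decoding on a possibly compromised workstation is only half the check; the same fields should be compared against what the hardware wallet's own screen displays before confirming.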

DPRK IT workers

Summary

Researchers have identified a series of employment fraud schemes linked to the North Korean government, where nationals use stolen or falsified identities to secure jobs in Western companies. These schemes, documented in the U.S., U.K., and Australia, involve various deceptive practices, including reluctance to appear on camera. Part of a broader campaign to generate revenue for North Korea, these activities have been associated with the NICKEL TAPESTRY threat group, and contribute to the country's weapons programs. Recent operations, such as the Contagious Interview campaign, involve elaborate fake interview processes delivering malware to job candidates in the tech and cryptocurrency sectors. The U.S. Justice Department has also highlighted a multi-year IT worker fraud scheme generating significant revenue for North Korea and evading sanctions.

How Users Can Protect Themselves

Organizations can protect themselves from these sophisticated fraud schemes by implementing thorough verification processes for candidate identities, including checks on documentation and conducting in-person or video interviews. Monitoring for unusual behavior during interviews can also help identify potential fraud. Employers should be cautious of requests to change addresses or route payments to money transfer services during onboarding. Additionally, IT staff should limit unauthorized remote access tools, and restrict access to non-essential systems, mitigating the risk of intellectual property theft and unauthorized revenue generation for North Korea.

Inferno Drainer hands over the reins to Angel Drainer



Summary

The crypto security landscape faces a potential escalation as Inferno Drainer, a notorious service known for facilitating crypto wallet thefts, has transferred its operations to Angel Drainer. This move could mark a new, more dangerous phase in crypto-draining activities. Inferno's decision to hand over its platform, including its extensive code base and features, to Angel Drainer is based on confidence in Angel's capability to manage and maintain the service. This transition is expected to keep clients' existing functionalities intact. Still, it raises concerns about the strengthened capabilities of wallet drainers, which have already contributed to significant losses in the crypto community.

How Users Can Protect Themselves

Given the growing threats in the crypto-draining ecosystem, individuals should exercise increased caution. Protecting oneself involves being vigilant about phishing attempts, often through fake social media accounts and websites. Users should double-check the authenticity of any crypto-related communication, and avoid clicking on suspicious links. Implementing robust security measures for crypto wallets, such as using hardware wallets and enabling multi-factor authentication, can provide additional layers of protection. Staying informed about the latest security threats and following best practices recommended by crypto security experts can help mitigate the risk of falling victim to sophisticated drainers.
