MetaMask Security Monthly: September 2022

This month, a little news from the Lab and some scams to be aware of…

by MetaMask, September 30, 2022

Security Laboratory


The big news in Endo is the latest attempt to refactor the SES shim’s evaluator into a multilayered scope stack, also referred to as “quadruple backflip”. While it’s still in review, it’s looking good for inclusion in the next release. It addresses an issue of leaking the scope proxy and separates different concerns in global scope handling. There’s also a benefit to LavaMoat: it will be able to use the unaltered SES shim when “quadruple backflip” lands.


  • Documentation refresh shipped
  • New ways to use lavamoat-node: a convenience helper for running commands from node_modules/.bin and a programmatic usage API.

How and Why are MetaMask Users Losing their Funds due to Phishing Incidents?

“As MetaMask works to improve the fidelity of insight into the figures around Fund Loss Incidents due to phishing scams, the present study seeks to understand where, how, and why users leave the safe path and end up getting tricked by these phishing scams.” Read more!

Cautionary Tales

From the GitHub blog:

“On September 16, GitHub Security learned that threat actors were targeting GitHub users with a phishing campaign by impersonating CircleCI to harvest user credentials and two-factor codes. While GitHub itself was not affected, the campaign has impacted many victim organizations.” Read more!

With all the hype around the Merge, make sure not to get swept away by a scam!

Stay safe out there in cryptoland!
