Each month, MetaMask Security Director Luker reports on the latest crypto attacks and emerging risks that you need to know about.
March 2024 saw a burst of activity around ETHDenver, where MetaMask hosted a security spotlight and co-hosted a State of Security event with Wallet Guard, alongside new additions to the Snaps beta—a DeFi Armor transaction simulation snap and Happy Harpie's signature insight snap. On the threat side, an Inferno Drainer service attack resulted in $2.5 million stolen fundsFTX and BlockFi users lost over $7 million to a Pink Drainer email phishing campaign, and an exploit of Curio's MakerDAO-based contracts cost over $16 million. The full breakdown is below, but first...
Featured STEM pioneer: Kono Yasui, cytologist and Japan's first female doctor of science
Kono Yasui (1880–1971) was a Japanese cytologist and botanist who, in 1927, became the first Japanese woman to earn a doctorate in science. Her research spanned plant cytology and genetics, including detailed studies of the structure of coal-forming plants, and she worked to open science education to women. Yasui's painstaking, microscope-level attention to structure—seeing what others overlooked—reflects the same close scrutiny that careful security work demands.
Snaps stories: Account Management Snaps, a DeFi Armor simulation snap, and Harpie's signature insights
The Security Snaps lineup is growing. MetaMask added a new transaction simulation snap from DeFi Armor, which flags a transaction and explains why whenever it fails DeFi Armor's curated, customizable security policy. Also new is a signature insight snap from Happy Harpie's ETHDenver hackathon project, which decodes signatures, checks any addresses in a signature payload against Harpie to catch malicious ones, and reads Seaport NFT listing signatures to warn you when a listing is priced well below floor. Meanwhile, the Account Management Snaps open beta remains open to try, featuring snaps from Capsule, Safeheron, and Silent Shard.
MetaMask hosts a security spotlight at ETHDenver
MetaMask held a security spotlight event at ETh Denver 2024 joined by friends from Alterya, Blockaid, Chain Patrol, Forta, Hexagate, Hypernative, Karma3 Labs, Paradigm, and Wallet Guard. Video recordings are now available to everyone!
MetaMask and Wallet Guard host March 2023 State of Security X event
MetaMask and Wallet Guard’s latest State of Security X event was co-hosted by Ian Wallis, Ohm Shah, and Michael K. Topics included future-proofing, current and future AI threats, the latest social engineering and phishing techniques, airdrops and farming risks, and special-edition coverage of ETHDenver security discussions.
Blockfence's Blockchain Security Series features MetaMask Security’s Taylor Monahan
In episode 3 of Blockfence's Blockchain Security Series, MetaMask's Taylor Monahan joined Blockfence's head of security research, Pablo Sabbatella, to discuss why builders must protect their users, their shared appreciation for white-hat hackers, and a chain of attacks on older wallets that occurred the previous April. Her key takeaway was twofold. First, never store your Secret Recovery Phrase in a password manager. Second, treat security as an ongoing habit rather than a one-time setup, doing one small thing each day to improve it so those small steps compound over time. That might be revoking token approvals you no longer use, moving some funds to a hardware wallet, or turning on app-based two-factor authentication for an account.
Inferno Drainer is compromised for $2.5 million
On March 18, 2024, Inferno Drainer, a "drainer-as-a-service" kit that scammers rent to phishing victims and empty their wallets, was hacked for $2.5 million. Security researcher ZachXBT shared a leaked message from an Inferno Drainer customer group chat revealing that the attacker had updated every customer's payout address to their own. Since Inferno Drainer's customers are themselves scammers, this meant the drainer's own users got scammed: any wallet they successfully phished that day sent the stolen funds to the attacker instead of to them.
Although the attack happened outside of blockchain networks, inside Inferno Drainer's own operation rather than on-chain, the $2.5 million was still stolen from phishing victims in the first place, and scam victims are frequently targeted again after a first loss. It's a reminder to be cautious with links shared on social media, since even trusted accounts get hacked; keep substantial funds in a hardware wallet; hold only minimal assets in everyday wallets; and use different accounts for different risk levels.
FTX and BlockFi users lose over $7 million in an email phishing campaign
FTX and BlockFi users lost more than $7 million on Ethereum mainnet in a phishing campaign during the week of March 18, 2024. The attack had two parts. Off the blockchain, the phishing itself relied on emails sent to a list of recipient addresses reportedly stolen in the MailerLite compromise, a breach of the email marketing platform several crypto companies used, which handed attackers ready-made lists of users to target. On the blockchain, the actual theft happened once a victim signed a malicious signature or interacted with a malicious contract, at which point the threat actor used the drainer-as-a-service (DaaS) Pink Drainer to move the funds out of their wallet. Users should be cautious of any email asking them to connect a wallet or sign a transaction, and always verify legitimacy through official channels.
Curio's MakerDAO-based contract is exploited for $16 million
Over the weekend of March 23, 2024, Curio Ecosystem reported that its MakerDAO-based smart contracts on Ethereum had been exploited, resulting in a total loss of over $16 million; contracts on Polkadot and the Curio Chain itself remained secure. Curio later posted a recovery strategy roadmap stating that 100% of funds would be restored to users. Everyone holding Curio's governance token was affected, and because the attack exploited a vulnerability in Curio's own contracts, there was little individual users could have done. For protocol developers, the lesson is to audit smart contracts thoroughly and continuously with each new release, and to run a bug bounty program so researchers can surface vulnerabilities before attackers do.
MetaMask's March 2024 Crypto Security Report covered MetaMask's ETHDenver security events and new Snaps additions, the $2.5 million compromise of the Inferno Drainer service, and a Pink Drainer email phishing campaign that cost FTX and BlockFi users over $7 million. Browse previous editions of the MetaMask Crypto Security Report for more threats, trends, and tips for staying safe across the ecosystem.