Crypto Security Report: March 2024

Featuring MetaMask's ETHDenver security events, new DeFi Armor and Harpie Snaps, the $2.5 million Inferno Drainer compromise, a $7 million phishing campaign targeting FTX and BlockFi users, and the $16 million exploit of Curio's MakerDAO-based contracts.

6 minutes
Crypto Security Report: March 2024

Each month, MetaMask Security Director Luker reports on the latest crypto attacks and emerging risks that you need to know about.

March 2024 saw a burst of activity around ETHDenver, where MetaMask hosted a security spotlight and co-hosted a State of Security event with Wallet Guard, alongside new additions to the Snaps beta—a DeFi Armor transaction simulation snap and Happy Harpie's signature insight snap. On the threat side, an Inferno Drainer service attack resulted in $2.5 million stolen fundsFTX and BlockFi users lost over $7 million to a Pink Drainer email phishing campaign, and an exploit of Curio's MakerDAO-based contracts cost over $16 million. The full breakdown is below, but first...

Kono Yasui (1880–1971) was a Japanese cytologist and botanist who, in 1927, became the first Japanese woman to earn a doctorate in science. Her research spanned plant cytology and genetics, including detailed studies of the structure of coal-forming plants, and she worked to open science education to women. Yasui's painstaking, microscope-level attention to structure—seeing what others overlooked—reflects the same close scrutiny that careful security work demands.

Snaps stories: Account Management Snaps, a DeFi Armor simulation snap, and Harpie's signature insights

The Security Snaps lineup is growing. MetaMask added a new transaction simulation snap from DeFi Armor, which flags a transaction and explains why whenever it fails DeFi Armor's curated, customizable security policy. Also new is a signature insight snap from Happy Harpie's ETHDenver hackathon project, which decodes signatures, checks any addresses in a signature payload against Harpie to catch malicious ones, and reads Seaport NFT listing signatures to warn you when a listing is priced well below floor. Meanwhile, the Account Management Snaps open beta remains open to try, featuring snaps from Capsule, Safeheron, and Silent Shard. 

MetaMask hosts a security spotlight at ETHDenver

MetaMask held a security spotlight event at ETh Denver 2024 joined by friends from Alterya, Blockaid, Chain Patrol, Forta, Hexagate, Hypernative, Karma3 Labs, Paradigm, and Wallet Guard. Video recordings are now available to everyone!

MetaMask and Wallet Guard host March 2023 State of Security X event

MetaMask and Wallet Guard’s latest  State of Security X event was co-hosted by Ian Wallis, Ohm Shah, and Michael K. Topics included future-proofing, current and future AI threats, the latest social engineering and phishing techniques, airdrops and farming risks, and special-edition coverage of ETHDenver security discussions.

Blockfence's Blockchain Security Series features MetaMask Security’s Taylor Monahan

In episode 3 of Blockfence's Blockchain Security Series, MetaMask's Taylor Monahan joined Blockfence's head of security research, Pablo Sabbatella, to discuss why builders must protect their users, their shared appreciation for white-hat hackers, and a chain of attacks on older wallets that occurred the previous April. Her key takeaway was twofold. First, never store your Secret Recovery Phrase in a password manager. Second, treat security as an ongoing habit rather than a one-time setup, doing one small thing each day to improve it so those small steps compound over time. That might be revoking token approvals you no longer use, moving some funds to a hardware wallet, or turning on app-based two-factor authentication for an account.

Inferno Drainer is compromised for $2.5 million

On March 18, 2024, Inferno Drainer, a "drainer-as-a-service" kit that scammers rent to phishing victims and empty their wallets, was hacked for $2.5 million. Security researcher ZachXBT shared a leaked message from an Inferno Drainer customer group chat revealing that the attacker had updated every customer's payout address to their own. Since Inferno Drainer's customers are themselves scammers, this meant the drainer's own users got scammed: any wallet they successfully phished that day sent the stolen funds to the attacker instead of to them.

Although the attack happened outside of blockchain networks, inside Inferno Drainer's own operation rather than on-chain, the $2.5 million was still stolen from phishing victims in the first place, and scam victims are frequently targeted again after a first loss. It's a reminder to be cautious with links shared on social media, since even trusted accounts get hacked; keep substantial funds in a hardware wallet; hold only minimal assets in everyday wallets; and use different accounts for different risk levels.

FTX and BlockFi users lose over $7 million in an email phishing campaign

FTX and BlockFi users lost more than $7 million on Ethereum mainnet in a phishing campaign during the week of March 18, 2024. The attack had two parts. Off the blockchain, the phishing itself relied on emails sent to a list of recipient addresses reportedly stolen in the MailerLite compromise, a breach of the email marketing platform several crypto companies used, which handed attackers ready-made lists of users to target. On the blockchain, the actual theft happened once a victim signed a malicious signature or interacted with a malicious contract, at which point the threat actor used the drainer-as-a-service (DaaS) Pink Drainer to move the funds out of their wallet. Users should be cautious of any email asking them to connect a wallet or sign a transaction, and always verify legitimacy through official channels. 

Curio's MakerDAO-based contract is exploited for $16 million

Over the weekend of March 23, 2024, Curio Ecosystem reported that its MakerDAO-based smart contracts on Ethereum had been exploited, resulting in a total loss of over $16 million; contracts on Polkadot and the Curio Chain itself remained secure. Curio later posted a recovery strategy roadmap stating that 100% of funds would be restored to users. Everyone holding Curio's governance token was affected, and because the attack exploited a vulnerability in Curio's own contracts, there was little individual users could have done. For protocol developers, the lesson is to audit smart contracts thoroughly and continuously with each new release, and to run a bug bounty program so researchers can surface vulnerabilities before attackers do.


MetaMask's March 2024 Crypto Security Report covered MetaMask's ETHDenver security events and new Snaps additions, the $2.5 million compromise of the Inferno Drainer service, and a Pink Drainer email phishing campaign that cost FTX and BlockFi users over $7 million. Browse previous editions of the MetaMask Crypto Security Report for more threats, trends, and tips for staying safe across the ecosystem.

  • Luker
    Luker

      Jen Luker, known by most as just Luker, is the Director of Product Security at Consensys, where she leads the frontline defenders who protect millions of users from vulnerabilities, emerging threats, and malicious actors across decentralized tech. An active participant in the Ethereum ecosystem since 2017, she has held key roles including Editor at ETHNews and Project Manager at MyCrypto. Luker is a regular speaker at industry conferences, the author of MetaMask's monthly Crypto Security Report, and an official ETH Security Badge holder as designated by The DAO. She's also a passionate advocate for continuous education and security awareness as essential pillars for the future of Ethereum and blockchain technology.

      Tüm makaleleri oku