
Featuring sneaky malware targeting gamers, violent IRL attacks on prominent crypto holders, fake Zoom meeting scams, and more emerging threats to watch.

French virologist Françoise Barré-Sinoussi was awarded a Nobel Prize alongside her colleagues Luc Montagnier and Jean-Claude Chermann for her work identifying HIV as the cause of AIDS.

Introducing Transaction Shield: the latest option to maintain peace of mind while transacting with MetaMask. Powered by our industry-leading security stack, Transaction Shield is a subscription service that provides coverage of up to $10,000 USD per month along with priority user support.
In September, we launched our very own stablecoin, MetaMask USD aka mUSD. The dollar-pegged mUSD makes it easy and convenient for you to transition between traditional finance (TradFi) and decentralized finance (DeFi), while protecting your crypto assets against price fluctuations. In our quest to ensure sustained security, we have now expanded the scope of our long-running bug bounty program to include the offering. We invite all ethical hackers to check out our bounty program for ways you can earn rewards while making MetaMask's ecosystem safer.
We wanted to take a moment and thank our buddies at ChainPatrol for continued efforts that keep our users safe from phishers and imposters in 2025. We tip our ears to you!

DPRK-led malicious Zoom meetings continue to be a blight on the industry, accounting for over $300 million-worth of losses. Executives in particular are being targeted and pressured into downloading files that contain Remote Access Trojans (RATs) and other malware that extracts sensitive data and drains cryptocurrency. Telegram is the breeding ground for these threats. Monahan’s detailed thread explains what to look out for and how to shore yourself against Zoom attacks.

Looking back at 2025, Chainalysis reports that over $3.4 billion-worth of crypto industry-wide was stolen over the year, with $2.02 billion pilfered by DPRK threat actors.
Personal wallet thefts have tripled to 158,000 incidents and unique victims doubled to 80,000 since 2022, though the total value has decreased from $1.5 billion to $713 million. DeFi platforms saw total locked funds recover in 2024-2025, even as hack losses stayed lower than in 2020-2023. Researchers at Chainalysis speculate that this could be due to improvements in DeFi security, and/or personal wallets and centralized services being more attractive targets. There are plenty more details, and you can now reserve your copy of the firm's full 2026 Crypto Crime Report.
Threat researcher Kacherginsky focuses on multi-signature hijacking, rounding error vulnerabilities, and the importance of preventing the next Bybit-like attack. He details the emerging trend of the "patient attackers" who wait for the bigger payoff rather than engaging in a quick "smash and grab," particularly targeting smaller protocols. Also highlighted are vulnerabilities in older legacy contracts and the need to have stricter monitoring and controls on older protocols.
A scam compound network tied to human trafficking and pig butchering was elevated to a global threat by Interpol, as the network saw flows of cryptocurrency surpassing $11 billion since July 2024. Ari Redbord, a TRM researcher who has been working with Interpol, noted that coordinated international law-enforcement efforts around this network have "intensified."
Researchers from MATS and Anthropic Fellows pitted AI agents from models like Claude Opus 4.5, Claude Sonnet 4.5, and GPT-5 in a simulation against real smart contract exploits that occurred between 2020 and 2025. The results were worrisome, as the agents collectively siphoned $4.6 million in record time. The researchers then turned the agents on recently-deployed contracts with no known vulnerabilities, and two novel zero-days were discovered. Per the report: "This demonstrates as a proof-of-concept that profitable, real-world autonomous exploitation is technically feasible, a finding that underscores the need for proactive adoption of AI for defense."
Summary
Popular games like Battlefield 6 and Roblox are attracting threat actors who trick gamers into acquiring pirated versions, installers, and fake game trainers that are used to deploy info stealers that aggressively target crypto wallets and cookie sessions from popular browsers, as well as crypto-wallet extension data from Chrome add-ons. Additionally, the malware is able to steal authentication tokens from messaging apps, password managers, email clients, and more.
One such fake game download led to an entrepreneur in Singapore losing the entire crypto portfolio he accumulated over eight years, totaling over $14,000 USD (100,000 yuan), despite his use of antivirus software. The victim, Mark Koh, told Decrypt: "I didn't even log into my wallet app. I had separate seed phrases. Nothing was saved digitally." Prior to the theft, Koh co-founded the organization RektSurvivor, which offers free help to those who have lost crypto to trading and scams. The cautionary tale reminds us that even the most experienced veterans can become victims.
How users can stay safe
Only purchase and download games from official, trusted sources. Avoid torrents and third parties. As usual, never store important info in browsers. Employ two-factor authentication whenever available and keep backup codes and secret recovery phrases offline entirely. Never keep large sums in hot wallets and spread your holdings out over multiple accounts.
Summary
In early December, over $440,000 in USDC was stolen from a single user who unknowingly signed a malicious permit (aka approval) signature. Ethereum's permit function is meant to allow users to delegate spending to trusted applications, but scammers have long been exploiting legitimate-looking permit transactions to access all of a victim's tokens once a nefarious transaction has been signed.
How users can stay safe
MetaMask protects against these types of scams through transaction simulations that warn users when they are about to interact with a known malicious contract. Additionally, MetaMask enforces EIP-712 standards, which translate complex signature requests into human-readable text, showing users exactly who they are granting access to and how much they are authorizing.
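To make the EIP-712 point concrete, here is an added example (not MetaMask's own code) showing what a wallet or a cautious user can check before signing a permit request: it renders the typed data as plain language and flags the patterns behind the theft described above. The Permit fields (owner, spender, value, nonce, deadline) follow the EIP-2612 standard; every address, amount and timestamp below is a constructed sample value, and the trusted-spender policy is a hypothetical allowlist.

```javascript
// Added example, not MetaMask code: triage of an EIP-712 "Permit" signature
// request before it is signed. Field names follow EIP-2612; all addresses,
// amounts and timestamps are constructed sample values.

const MAX_UINT256 = (1n << 256n) - 1n;
const ONE_YEAR_SECONDS = 365n * 24n * 60n * 60n;
const YEAR_9999_SECONDS = 253402300799n; // beyond this, Date cannot render it

// Render the request the way EIP-712 intends: who gets access, how much, until when.
function describePermit(typedData, decimals) {
  const { domain, message } = typedData;
  const value = BigInt(message.value);
  const scale = 10n ** BigInt(decimals);
  const amount =
    value === MAX_UINT256
      ? "UNLIMITED"
      : `${value / scale}.${String(value % scale).padStart(decimals, "0")}`;
  const deadline = BigInt(message.deadline);
  const until =
    deadline > YEAR_9999_SECONDS
      ? "never (no practical expiry)"
      : new Date(Number(deadline) * 1000).toISOString();
  return (
    `Allow ${message.spender} to spend up to ${amount} ${domain.name} ` +
    `from ${message.owner} until ${until} ` +
    `(chain ${domain.chainId}, token contract ${domain.verifyingContract})`
  );
}

// Returns a list of warnings; an empty list means nothing was flagged.
// policy = { chainId, trustedSpenders } is a hypothetical user allowlist.
function assessPermitRequest(typedData, policy, nowSeconds) {
  const warnings = [];
  if (typedData.primaryType !== "Permit") return warnings; // not an approval-style request
  const { domain, message } = typedData;

  // Spender is the party being granted access; unknown spender is the core red flag.
  const trusted = new Set(policy.trustedSpenders.map((a) => a.toLowerCase()));
  const spender = String(message.spender).toLowerCase();
  if (!trusted.has(spender)) warnings.push(`spender ${spender} is not a contract you have vetted`);

  // Unlimited allowance lets the spender drain the whole balance at any time.
  if (BigInt(message.value) === MAX_UINT256) warnings.push("unlimited allowance (max uint256) requested");

  // A far-future deadline means the approval outlives the session it was signed in.
  if (BigInt(message.deadline) > BigInt(nowSeconds) + ONE_YEAR_SECONDS)
    warnings.push("deadline is more than a year away; approval persists long after this session");

  // Domain mismatch: the signature would be valid on a chain you did not intend.
  if (BigInt(domain.chainId) !== BigInt(policy.chainId))
    warnings.push(`request targets chain ${domain.chainId}, not the expected chain ${policy.chainId}`);

  return warnings;
}

// Constructed sample: a malicious-looking request (unknown spender, unlimited, no expiry).
const SUSPICIOUS_REQUEST = {
  domain: { name: "USD Coin", version: "2", chainId: 1,
            verifyingContract: "0x1111111111111111111111111111111111111111" },
  primaryType: "Permit",
  types: { Permit: [
    { name: "owner", type: "address" }, { name: "spender", type: "address" },
    { name: "value", type: "uint256" }, { name: "nonce", type: "uint256" },
    { name: "deadline", type: "uint256" } ] },
  message: {
    owner: "0x2222222222222222222222222222222222222222",
    spender: "0xdeaddeaddeaddeaddeaddeaddeaddeaddeaddead",
    value: MAX_UINT256.toString(), nonce: 7, deadline: MAX_UINT256.toString(),
  },
};

// Constructed sample: a bounded, short-lived approval to a vetted spender.
const POLICY = { chainId: 1, trustedSpenders: ["0x3333333333333333333333333333333333333333"] };
const NOW = 1765000000; // constructed "current" unix time, early December 2025
const BENIGN_REQUEST = {
  ...SUSPICIOUS_REQUEST,
  message: { ...SUSPICIOUS_REQUEST.message,
             spender: "0x3333333333333333333333333333333333333333",
             value: "1000000000", deadline: String(NOW + 1800) },
};

console.log(describePermit(SUSPICIOUS_REQUEST, 6));
console.log(assessPermitRequest(SUSPICIOUS_REQUEST, POLICY, NOW));
console.log(assessPermitRequest(BENIGN_REQUEST, POLICY, NOW));
```

The point of `describePermit` is the same as the EIP-712 rendering described above: a hex blob becomes "allow X to spend up to Y until Z", which is the sentence a user needs to read before clicking sign. `assessPermitRequest` adds the checks a wallet or a personal allowlist can apply on top: an unvetted spender, an unlimited value, a deadline that never expires, or a domain aimed at the wrong chain.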
Summary
So-called "wrench attacks," in which attackers threaten or harm targets in person with violence in order to obtain their holdings, have been reported frequently throughout 2025. In late November, $11 million-worth of digital assets were taken by an assailant posing as a delivery person who was able to restrain the victim in his San Francisco house with duct tape. Fortunately, the victim's injuries were not life-threatening.
A 21-year-old in Vienna was not so lucky. The student was discovered in a burnt-out Mercedes after being tortured to obtain wallet passwords, according to reports. Arrests were made in Ukraine after the accounts were completely drained and funds converted into USD.
How users can stay safe
Keep a low profile if at all possible. Those who are prominent in the industry and influencers should be extra careful. Never discuss the value you hold, be cautious about disclosing travel, and bolster home security. Multi-signature wallets, while not foolproof, can offer an extra layer of protection. For a deeper dive into the historical statistics around these physical crimes, check out this enlightening thread from Haseeb Qureshi based on Jameson Lopp's database.
Looking for more crypto security news? Head here to peruse previous editions of Luker's Security Reports, and get additional tips for how you can stay safe in the ecosystem.