Solidity Security – How Does Phishing Work for Metamask?

Tags: ethereum-wallet-dapp, metamask, solidity, wallets

I have read the following:

Gene is working on his laptop with several tabs open in his browser.
He unlocks his MetaMask wallet to make a transaction. An attacker uses
the open tabs to see that Gene is using MetaMask.

The attacker sends Gene a pop-up message saying that his transaction
has failed. This happens sometimes, so Gene isn’t worried. He enters
his password to remake the transaction. The attacker now has access to
Gene’s wallet.

I don't quite get how an attacker uses the open tabs to see that Gene is using Metamask.

I'd appreciate it if you explain this a little bit further.

Best Answer

Before Metamask v7, the wallet extension was sharing the user's selected address with every opened tab. That means any website opened in these tabs could possibly track the user's transaction history and the amount of ether/tokens held by the wallet. A malicious website could simulate the Metamask behavior by sending the user fake pop-ups/notifications.

For example, the attacker could wait for the user to send a transaction and then inject a scam pop-up acting in the following way:

  • tell the user the transaction has failed and ask the user to sign a new one where the recipient address is the hacker's address.
  • tell the user a problem has occurred and the wallet has disconnected, then ask him to enter his seed (which is needed to recover the wallet) to re-connect and process the transaction.

A novice user could be trapped by this kind of attack.

Since v7, Metamask no longer shares the account address with visited websites without the user's consent; the user must manually confirm their willingness to interact with the site.
