I have read the following:
Gene is working on his laptop with several tabs open in his browser.
He unlocks his MetaMask wallet to make a transaction. An attacker uses
the open tabs to see that Gene is using MetaMask.The attacker sends Gene a pop-up message saying that his transaction
has failed. This happens sometimes, so Gene isn’t worried. He enters
his password to remake the transaction. The attacker now has access to
Gene’s wallet.
I quite don't get how an attacker uses the open tabs to see that Gene is using Metamask.
I'd appreciate it if you explain this a little bit further.
Best Answer
Before Metamask v7, the wallet extension was sharing the user selected address with every opened tabs. That means, any websites opened through these tabs could possibly track the user's transactions history and the amount of ethers/tokens held by the wallet. A malicious website could simulate the Metamask behavior by sending the user fake pop-up/notifications.
For example, the attacker could wait for the user to send a transaction and then inject a scam pop-up acting in the following way :
A novice user could be trapped by this kind of attack.
Since the v7, Metamask no longer shares the account address to visited websites without the user's consent, who must manually confirm their willingness to interact with the site.