ConsenSys announced today that one of its most well-known products, the MetaMask crypto wallet, suffered a data breach. The attack targeted a third-party customer service provider, not the application itself.
The issue came to ConsenSys’s attention in August 2021 and was resolved in February 2023. The firm claims that MetaMask users who did not contact customer service during the affected period have nothing to worry about. Any users who did contact MetaMask support and who did not share personal information are also in the clear.
Who Is at Risk?
Between August 2021 and February 2023, unauthorized actors gained access to ConsenSys’s third-party customer service provider. As a result, MetaMask users who contacted customer service support during that period and who also shared personal information may be at risk.
MetaMask support requires limited personal data to provide the help needed. However, customers are able to type in additional information at their own discretion. According to ConsenSys’s blog, users might have entered “economic or financial information, name, surname, date of birth, phone number, and postal address.”
Because of the nature of the attack, it is difficult to say exactly who is at risk. ConsenSys estimates that the data breach affected around 7,000 people worldwide. A spokesperson for the company told BeInCrypto that its investigations show that three users suffered economic loss as a result of the incident.
What Was Done?
ConsenSys claims in its blog post that the firm has stopped the unauthorized access and the threat is not ongoing.
“As first steps, ConsenSys performed data gathering and an initial investigation in order to determine the veracity and criticality of the incident and implement containment measures,” a ConsenSys spokesperson told BeInCrypto.
Given that the firm first learned of the data breach in August 2021, some may wonder why the issue took a year and a half to come to a resolution.
“While it appears upon retroactive forensic investigation the malicious acts began in August of 2021, we needed to become aware of those acts and conduct an appropriate forensic investigation to determine the source,” said the spokesperson.
“ConsenSys then engaged a third-party forensic investigator to perform a comprehensive forensic investigation and took measures to address and mitigate known or possible adverse effects of the incident,” the spokesperson added.
Moreover, the firm has since shared the breach with the Data Protection Commission of Ireland and the Information Commissioner’s Office of the UK. Through these efforts, ConsenSys hopes to understand the root cause of the data breach. The firm also aims to be more vigilant about improving existing measures.
Ramifications of the Breach
MetaMask is far from perfect as far as consumer products go. Some users have reportedly seen their funds drained even after following all of the usual steps to secure their crypto. And many wallets have been scammed without a solution in sight.
ConsenSys emphasized that in relation to the data breach, the MetaMask application itself is still safe to use. The wallet does not require any of the personal information noted above to function. Therefore, in regard to this specific issue, users should feel confident using the app going forward.
Securing Your Crypto
To reiterate the usual advice, don’t share your seed phrase with anyone, and double-check links before clicking them. ConsenSys advises users of any crypto wallet to be hyper-vigilant when it comes to suspicious requests for information.
Users should ignore and delete any requests for seed phrases or personal information. They should never follow any links from people they do not know. And when it comes to using customer service providers, never give more information than is essential to the problem at hand. “Please make us aware of suspicious requests and messages by reporting them here,” the spokesperson added.
Crypto is still a bit of a wild frontier. But by doing due diligence and staying alert, you can keep yourself and your assets safe.