Cryptocurrency wallet provider MetaMask denies claims that the exploit of its wallet was the result of a "massive wallet drain operation" that has claimed over 5,000 Ether.
On April 18, MetaMask tweeted in response to a series of tweets on April 17 by Tyler Monaghan, founder of Ethereum wallet manager MyCrypto, who explained that an unidentified wallet drain bug had stolen Over $10.5 million in cryptocurrencies and non-fungible tokens (NFTs) from December 2022. “Recent reports on [Monahan’s] thread falsely claimed that the massive wallet drain operation was the result of a MetaMask exploit,” MetaMask said.
The wallet provider said the 5,000 ETH was stolen "from 11 different addresses on the blockchain," reiterating that the claim that the funds were hacked from the MetaMask "is not true." Speaking to Cointelegraph, Wallet Guard co-founder Ohm Shah said the MetaMask team has been “working tirelessly” and that “there’s no definitive answer to how this all happened.”
"There are tons of independent security researchers looking into this as well," Shah said. He speculated that it was possible to assume that there was "some kind of private key or seed phrase leak". In its latest series of tweets, MetaMask confirmed that its security team is researching the source of the exploit and “working with others in the Web3 wallet space”. In her post about the exploit, Monaghan said "no one knows" how the massive attack was carried out, but her "best guess" is that a lot of old data was obtained and used to withdraw funds.
She also initially claimed that the attackers exhausted MetaMask's long-term users and employees by using it. Monahan later stated that the exploit was not specific to MetaMask, and that "users of all wallets, even those created on hardware wallets," were affected by the bug.
