MetaMask and Blockaid Collaborate to Launch Phishing Attack Alert Feature for Enhanced User Protection
MetaMask has teamed up with security firm Blockaid to introduce a new feature aimed at bolstering user security.
Starting today, MetaMask desktop users will have the option to opt-in to the new security feature by enabling the MetaMask experimental setting and adding the Privacy Preserving Offline Module (PPOM).
Developed by MetaMask, PPOM serves as an offline security engine that simulates and validates transactions and signatures before signing them.
It achieves this by utilizing node RPC communication requests to a configured node provider, ensuring that no sensitive data is sent to external servers.
MetaMask has partnered with Blockaid to launch an alert feature to protect users from phishing attacks. Blockaid’s dApp scanning solution is capable of taking any dApp fully simulating all possible user interactions and validating whether those interactions are malicious. By the…
— Wu Blockchain (@WuBlockchain) October 31, 2023
Bárbara Schorchit, senior product owner at MetaMask, explained that Blockaid’s dApp scanning solution plays a crucial role in the new feature.
It can simulate user interactions within any decentralized application (dApp) and validate whether those interactions are malicious or not.
By analyzing the entire dApp’s behavior, the system can determine if it poses any threats to users.
During the initial stage of integration, users who opt-in will be alerted if a transaction appears to be malicious.
MetaMask also plans to roll out the feature on its mobile app in November.
By the first quarter of 2024, MetaMask aims to seamlessly integrate and enable the new feature by default, making it available to all MetaMask users.
The staggered rollout is intended to prevent false positives, ensuring that legitimate operations are not flagged as malicious.
Addressing privacy concerns, Schorchit emphasized that the new module eliminates the need to share every transaction and signature request with external parties.
The simulation and validation processes occur within the user’s device, with communication limited to the blockchain itself through the user-selected node provider.
Phishing Attacks and Scams Continue to Plague Crypto
Phishing attacks and scams have become persistent issues in the cryptocurrency industry.
Blockaid estimates that around 10% of existing dApps are malicious, and a recent survey by Consensys revealed that 47% of global respondents consider “too many scams” as a significant barrier to entering the crypto ecosystem.
According to a report by blockchain security platform Immunefi, there were 76 hacks on crypto and Web3 projects and firms in Q3 2023, a significant increase compared to the 30 hacks reported in the same period in 2022.
In total, approximately $332 million has been lost to various exploits, hacks, and scams throughout September, marking a record-high month for crypto exploits.
As reported, Bitrace has revealed that one of the leading causes of loss of crypto assets is the download of fake wallet applications from search engines.
These fake apps closely resemble legitimate ones in terms of appearance and usage experience, making it easy for unsuspecting users to fall victim.
Once the user synchronizes their mnemonic phrase or deposits assets into the fake wallet, their tokens are lost forever.