Metamask is a crypto wallet and gateway for accessing decentralized apps (DApps) built on the Ethereum (CRYPTO: ETH) blockchain. A cryptographer addressed a security loophole that can put 21 million users at risk.
What happened: Alexandru Lupascu — co-founder of the OMNIA protocol and a blockchain analyst — recently published a blog about a critical vulnerability in the most popular Web 3.0 wallet. He says the vulnerability can put a users’ IP address and privacy on the line by spending only $50.
According to Lupascu, a hacker can mint a non-fungible token and transfer free ownership to the victim by only knowing their Ethereum address connected to the Metamask wallet.
“Do not underestimate the risk associated with IP leaks.” Lupascu said. “If malicious actors derive more information from the IP address (think geolocation, GSM carrier, etc.), they can turn it into physical risks, such as kidnapping.”
Daniel Finlay — the founder of Metamask — knew about this loophole a long time ago and said in a tweet: “Alex is right to call us out for not addressing it sooner. Starting work on it now. Thanks for the kick in the pants, and sorry we needed it.”
See Also: Best Crypto Wallet
According to ConsenSys, Metamask is the most popular hot crypto wallet with over 21 million monthly active users as of Nov 2021.