MetaMask Ban
A couple of days ago the popular wallet and in-browser Ethereum gateway MetaMask was accidentally removed from Google’s Chrome store. The incident left users being re-directed to an imposter version of the software. Luckily, the Ethereum community was quick in detecting the problem and the situation was resolved within six hours.
However, this was just another in a series of incidents highlighting the fact that wallet security and private key management is a weak link in the cryptocurrency ecosystem. There have been countless incidents of phishing scams, imposter wallets, and trojan horses.
It seems that the higher the security of the underlying cryptographic model, the more likely it is for incidents to occur. If we think about this from a usability perspective, this is not overly surprising, as more complex models usually involve more complex management on the user’s side providing more options for mistakes. An example of this is IOTA’s quantum proof cryptography, which has led to quite a few incidents of users being tricked into mistakes and losing their funds.
Wallet Security
Wallets and keys can be compromised in a number of ways. First of all, keys are long numbers and typical wallets use several of them. This means that keys cannot be remembered by users and need to be backed up in some way. Many wallets use mnemonic code schemes such as BIP39 to generate keys deterministically from a list of seed words. However, seed words also need to be written down or backed up. Users are known to use shortcuts for convenience.
For a wallet to be useful, it needs to be connected to the internet. Cold wallets are much safer, but inconvenient. Even hardware wallets are much less convenient than a smartphone app with a simple pin or password. Unfortunately, this type of hot wallets is also more vulnerable. Many users even use web wallets that store keys on some company’s server, the weakest wallet security model.
The biggest risk is probably not the actual wallet being hacked, but the above-mentioned phishing scams and imposter wallets that trick users into using alternative software with backdoors and other security leaks.
Additional MetaMask Risks
MetaMask is a great product. It provides the most convenient way to connect to the Ethereum network. Being much more than a wallet, the browser extension injects JavaScript code into web pages allowing decentralized applications to communicate directly with public Ethereum nodes, send transactions and interact with smart contracts. This makes the tool incredibly powerful but also introduces a number of dangers. For example, any website, open in any browser tab has access to the JavaScript code and can monitor transactions. An open webpage might generate transactions at a convenient time, for example when the user expects to have to confirm a transaction, generate a confirmation pop up and trick the user into sending funds to a different recipient.
Getting it Right
Even seasoned cryptocurrency users can get key management wrong. It is, therefore, best to diversify the risk and use a varies wallets. Web wallets should be a temporary measure, to be used only when an exchange has to be used. Once the currency conversion is complete, funds should be removed immediately. Similarly, a MetaMask wallet should hold just enough funds to interact with DApps. Larger amounts should be stored on hardware or cold wallets. It does make sense to keep a reasonable amount on a smartphone wallet for daily use.
Apart from this wallet diversification, users must, of course, take the necessary precautions to protect themselves from phishing and other scams.