Welcome to our MetaMask news page. Here you’ll find some of our featured MetaMask Ethereum content pieces as well as all our latest MetaMask Ethereum Wallet posts.
MetaMask has recently tweeted about a new problem that has happened to the company: its app has been delisted from the Chrome Web Store. Metamask, for those unaware, is a browser plugin that you can use to make Ethereum transactions via regular sites. The decentralized application (DApp) acts as a bridge between the Ethereum interface and the regular web. It is widely used in Ethereum-based games.
According to the company, the extension has been delisted from the store without any explanation from the company about why this has happened.
Chrome has banned crypto mining addons. They are probably using an automated system that banned Metamask based on keywords that are similar to those in mining addons.
— The Cryptophiliac (@thecryptophilia) July 25, 2018
This tweet by @thecryptophilia is one of best explanations that has turned up online as to why the Chrome Store has removed the App. Speculation regarding the reason from the delisting believes that the app was wrongly erased as part of an effort from Google to delist mining apps.
While @googlechrome has taken MetaMask down from their @ChromeDev store without notice or explanation, users can still install MetaMask manually on Chrome by following this guide. Note: @brave, @firefox, and @opera stores are all working fine!https://t.co/11ElxRgjDL
— MetaMask (@metamask_io) July 25, 2018
The tweet above stated that all the other browsers were unaffected and working fine, so you can still download the software on Firefox, Opera and Brave. Also, if you already have it installed on Chrome, the company has stated that “it should work” and it is currently contacting Google to discover why the software was delisted.
Many twitter users have suggest that use the popular Brave Browser to access their accounts. Brave browser gives it’s user the privacy and accessibility move freely online without being tracked by ads.
Stay tuned to see how this develops. Many users as well as MetaMaask themsevles have reached out to Google Chrome to see if they can get re-listed or at least get an explanation as to what happened.
MetaMask, perhaps one of the most popular Ethereum and ERC20 wallets in the market has taken the decision to release its mobile client at DevCon. The team behind the wallet developed by ConsenSys, has been at the DevCon in Prague, Czech Republic. Other companies present were EY, Microsoft, ShapeShift, Santander, Blockfolio and Wanzkaign.
The founder and CEO of ConsenSys, Joseph Lubin was present at the event and shared the most important information about this wallet. ConsenSys is one of the largest virtual currency and blockchain firms around the world.
MetaMask is one of the most used Ethereum wallets available in the market and it is capable of handling dApps and other requests. At the same time, it has a very user-friendly interface and enables transfers of ETH and tokens that are launched on the Ethereum network.
During the last years, users were asking for a mobile client of the MetaMask wallet. Some users were even using MetaMask as their main ERC20 and Ethereum wallet. However, individuals could only use MetaMask as an extension on some web browsers such as Chrome, Brave and Firefox.
According to Joel Synder, a senior IT consultant at Samsung Insights said that users preferred smartphones rather than desktops to store their virtual currencies.
About it, he said:
“This is why smartphones have an edge over laptops and desktops for cryptocurrency wallets: without the benefits of the hardware-based TEE, the keys are more vulnerable. There is a significant caveat: a naïve wallet developer might choose to simply store the keys on the normal internal storage of the phone, in which case there’s little additional protection from using the smartphone platform.”
MetaMask works in a different way since users have full control over their funds and not the company behind MetaMask. That means that individuals using this solution should be very responsible for their private keys and how they store them.
With the latest release, MetaMask users will enjoy new functionalities that were not present in the older version. The mobile client will also function as a dApp browser. That means that it will be working as the Store of dApps. Users will be able to run CryptoKitties, or any other Ethereum-based decentralized application.
This can help increase the number of users in various Ethereum dApps that for many were unknown.
Popular Ethereum browser MetaMask was temporarily delisted from the Chrome web store for an unknown reason.
MetaMask’s team confirmed the news in a tweet.
“PSA: MetaMask has been delisted from the Chrome Web Store. We are unsure of why this is the case and we will update everyone as we get more information. All other browsers are unaffected.”
MetaMask was taken off of the Chrome Web Store for approximately 6 hours before being re-added. As of today, the MetaMask extension is working as intended.
MetaMask provided a complete explanation of the issue in a blog post on Medium.
“MetaMask was taken off of the Chrome Web Store for about 6 hours. It ended up being a removal in error on Chrome’s side.”
The removal was a big issue. After the official MetaMask extension was removed from the Chrome Web Store, Google Chrome users were left with problematic options. When you typed “MetaMask” yesterday, you received results for extensions that looked like MetaMask, including “a few re-branded MetaMask forks and one ambiguously branded lookalike.”
Meanwhile, reports on Reddit’s /r/Ethereum claimed that one of the alternatives was actually a phishing attempt, which means users attempting to install the real MetaMask yesterday may have had their information or private keys stolen.
MetaMask claims its team was not made aware of the de-listing by Google. Instead, they only noticed the issue when a team member stumbled upon the missing listing.
Ultimately, “all operations are back to normal within MetaMask”, according to the development team, and users can access the new MetaMask update today.
Furthermore, the most egregious lookalike on the Chrome Web Store – the one that purportedly operated a phishing exploit – has been removed.
We still don’t know why MetaMask was removed. Aside from it being a “removal in error” on the part of Google, we have no further details about the reason for the removal.
There was some interesting Twitter drama related to the MetaMask takedown. In the middle of the MetaMask takedown, Charles Hoskinson (@IOHK_Charles) tweeted @MetaMask_io requesting the team to PM him.
In response, MetaMask said that he could use the communications channels of any normal person: the firstname.lastname@example.org email address.
This wasn’t acceptable to Charles, who responded with one of the funniest tweets the Twitter crypto community has ever seen:
“You’re telling the CEO of iohk, founder of cardano and ethereum to use the support email? Just wanted to ask about the chrome delisting.”
Charles’s “do you know who I am”-style tweet was followed by a promise to “return the favor” if MetaMask ever had questions to ask about his illustrious portfolio of ongoing projects:
“We’ll be sure to return the favor if they ever have any questions about daedalus, zencash, ethereum classic, cardano, or the other projects we are working on.”
MetaMask, in response, insisted their support email address is not a conversation killer, and that they legitimately use it to communicate with anyone needing support. Charles, in response, insisted he wasn’t rude, and that he was just lending his support as another Chrome extension developer.
Ultimately, it was a stressful 6 hours over at MetaMask headquarters on July 25, but the entire issue seems to have been resolved. Move along.
On June the 7th, a Reddit user known as WeaponizedMath, reported on the famous social network that the site BTCManager was serving a phishing popup affecting users of the MetaMask browser plugin. The site was able to tackle the issue in less than 24 hours after the report was first published.
At the moment, there have been no reports about people losing their funds because of the attack. This is partly because of the fast response of the team and the help from the MetaMask team that was able to warn their plugin users.
Apparently, the investigation shows that an attacker was able to make a popup clone of MetaMask asking users to restore their vault with their private key due to updates with the extension. But fortunately, it was not able to steal anything without a real interaction with the users.
Wallet companies or cryptocurrency services companies do not ask users for their seed or private key without any reason. Moreover, it is also important to mention that there are no payment or donation section on the BTCManager site.
In a Medium post, MetaMask wrote about this situation:
“MetaMask will never spontaneously ask you for your seed words, and is actually totally incapable of popping up in the top right without the user clicking the fox (as are all WebExtensions)! If you ever see this kind of popup on a site, contact us immediately!”
The attacker seems to be pointing back at a DigitalOcean IP and the site believes that it is related to an experienced attacker. They informed that it is not possible to release all the information they have about the attack because they want to avoid natural copycats. BTCManager is working hard in order to avoid further similar attacks.
The attacker made two small changes on the Cloudfare account which were completely difficult to detect. After it, through API, they were able to create a new sub-domain used before known as img.btcmanager.com, and the sub-domain directed the request to their server.
BTCManager explains that the attackers were able to gain access to their Cloudfare account because of security problems related to Cloudfare. Because of this, they were able to obtain the API key – which BTCManager does not know how they were able to do that.
The site explains that it delivers an important amount of data every single month to clients from all over the world, and Cloudfare is a solution used to reduce costs and offer good services.
The critical issue related with the API is that Cloudfare has no way to turn it off and limit what it is able to do or not. But, a solution may be to quit Cloudfare services for the time being until the issue is cleared up.
The hacker was able to bypass all the security precautions taken by BTCManager. Additionally, the company explains that this is not the first time that they experience attack attempts. In the past they have been suffering dozens of DDOS attacks.
BTCManager says that they do not think that it is convenient to quit using MetaMask or similar wallets. But it is important to acknowledge the risks involved. If you are an important investor, it is highly recommended to use a hardware wallet which will store your funds very safely. [Ledger, KeepKey, Trezor]
Hot wallets like the ones used on the phone or in a computer may be very useful, but they do not provide enough security layers as hardware wallets. And of course, it is obvious that they will be not so comfortable for everyday use.
In addition to it, most websites can see the plugins used, and in order to avoid further problems it may be a good idea to use internet with another browser without the wallet you constantly check.
If you want to prevent your site being hacked, then it is important for users to enable the 2-factor authentication, password managers, never using the same passwords, and change passwords regularly.
At press time, the company did not help at all and they do not seem moved about the fact that they are being used to serve up phishing attempts. MetaMask said that they will be using all their resources and experience to fight DigitalOcean and shut the hacker down and find out who is behind it.
BTCManager is grateful to WeaponizedMath for the help reporting the problem.