We do the research, you get the alpha!
MetaMask is tightening up security for its users.
As part of a new tie-up with security firm Blockaid, the self-custody crypto wallet is launching a new feature that issues security alerts.
Recently out of stealth, Blockaid is security startup founded by alumni of Israel's Unit 8200 cyber intelligence.
Earlier this month, it announced a $33 million funding round, with MetaMask revealed among inaugural customers.
Starting today, MetaMask desktop users will be able to take advantage of the new feature by opting in under the MetaMask experimental setting and adding the Privacy Preserving Offline Module (PPOM).
As explained by senior product owner at MetaMask Bárbara Schorchit, PPOM is essentially an offline security engine that can simulate and validate transactions and signatures before signing them, using only node RPC communication requests to a configured node provider—no other data is sent to an external server.
“Blockaid’s dApp scanning solution is capable of taking any dApp fully simulating all possible user interactions and validating whether those interactions are malicious, thus determining if the entire dApp is malicious or not,” Schorchit told Decrypt.
Those who decide to opt-in at the initial stage of the integration process will see alerts if a transaction appears to be malicious, with the new feature debuting on the MetaMask mobile app later in November.
“By the first quarter of 2024, our intention is to have this new feature seamlessly integrated and enabled into the wallet by default, making it available to 100% of MetaMask’s users,” stated Schorchit.
The staggered rollout is meant to avoid any "false positives," such as flagging legitimate operations as malicious, so that the feature becomes a trusted addition among users.
Metamask, security and privacy
As for the stated privacy-centric aspects of Metamask’s new alert features, Schorchit explained that the new module eliminates the need to share every single transaction and signature request with external parties.
“The simulation and validation happen in the wallet within the user’s device and the only communication needed is with the blockchain itself through the user-selected node provider,” she said.
With phishing scams and exploits seemingly occurring every week, MetaMask's new feature is taking on one of the industry's biggest problems.
According to Blockaid estimates, about 10% of the existing decentralized applications (dApps) are malicious. Furthermore, a recent Consensys survey on the perceptions of Web3 said that 47% of global respondents cited “too many scams” as one of the primary barriers to entering the crypto ecosystem.
“For the ecosystem to be ready for billions of users, it needs to be safer,” said Ido Ben-Natan, Co-founder and CEO of Blockaid. “We're excited to be working with MetaMask on leading the charge in defining how a wallet should defend its users.”
Additionally, Schorchit told Decrypt that unintended transaction outcomes have ranked among the most common causes of fund loss incidents within MetaMask.
MetaMask and Blockaid have already unveiled a similar experimental security alert feature for the popular NFT marketplace OpenSea in April this year.
With approximately 4% of MetaMask users opting in, it purportedly helped to prevent asset theft totaling $500 million,
According to Schorchit, the success of the experiment also means that the new tech can potentially have an “immense” impact.
“MetaMask and Blockaid anticipate that the new privacy-preserving security alerts will prevent the loss of assets worth at least billions of dollars when the feature becomes a default setting for MetaMask wallets,” Schorchit told Decrypt.
Edited by Liam Kelly.