Today's topic is based on the security risks of meta masks. A small intro for those of you who don't know much about this topic, there are 2 types of wallets - hot Wallets and cold wallets. A hot wallet is a wallet that stores your assets on the internet and cold wallet stores the assets on a hardware device. We will be discussing meta mask in this blog, it is a hot wallet based on eth network.
Hot wallet's In comparison with cold wallets fall short of a point because since it's online it "could" be hacked into and you are still not 100% control of your assets. But again hot wallets provide a lot more speed and efficiency in comparison with "hardware" wallets.
What is metamask?
Meta mask is a wallet used to store various cryptocurrencies, its available as an extension on chrome, Firefox and Brave browser. I would recommend using the Brave browser for its amazing security and adding free benefits (BAT token rewards). Getting back to the main topic -> Meta mask gives u the ability to store ERC20 tokens and make transactions by acting as a bridge between the Blockchain and you.
Security on meta mask:
Meta mask is an open-source wallet. This means that is free to use and has a group of really good developers behind it. The keys are stored in an encrypted format within the browser and the company doesn't have any access to our data or keys on any of their servers. This means only you have control over your assets.
✓ In-app purchase from coinbase or opensea: since it is linked to exchanges.
✓local key storage (encrypted format in the browser)
✓ The biggest risk of any online wallet is phishing. I made a whole blog on How I became a victim of phishing? What it is? and How you can avoid phishing? Click Here to view my blog on "phishing" To summarize it, it when red hats /hackers create an identical website and ask you to login/ enter your details. In doing so your password directly goes to the host of the page and now they have access to all of your data. This is possible with metamask where there is a lot of fake identical applications and you may enter your phrase into the wrong website and lose control of all your assets.
✓ Recovery Phrase :
On creating an account we are given a 12-word recovery phrase, if we lose that recovery phrase or if it falls onto the wrong hands the assets are equivalent to 0$. The recovery phrase needs to be stored securely and made sure it does not fall into the wrong hands. Make sure you don't lose this phrase too because your assets are encrypted and your phrase is the only one that can let you gain access to them.
✓ The website knows if you have a meta mask:
Though no website can hack into your meta mask they do know that if your meta mask extension is on, you are a meta mask user.
✓Timing attack :
This is when you are about to unlock your meta mask and a malicious website on another tab waits for the time your meta mask is unlocked. You unlocked it since you wanted to make a transaction on another website but since the meta mask doesn't " clearly" specify which website is making the transaction. The website open on another tab may request for a transaction once it revives an alert that your meta mask is unlocked now.
I would conclude by saying that meta mask is secure to an extent but since it is a hot wallet that stores your assets online you should be aware that it has the sole chance of losing your asset's. If you have a lot of asset's which you plan on holding for the long term I would recommend you to use a cold wallet which would give 100% of the control to you ^^.
Thank you for reading the entire blog. Let me know your thoughts on this topic in the comments!