I’m new to crypto. I installed MetaMask about a week ago and don’t remember if I clicked link from Google ad or not.
I read this article that scared me that I might be at risk of having my wallet emptied:
I do remember being asked to enter 12 word secret phrase as part of the set up and I was uncomfortable entering in the 12 words. Does the legitimate set up process ask for the 12 word secret phrase?
How do I know if I have the compromised extension? I connected MetaMask to an Atomic Wallet and it all appears to be there at the moment. Should I move it? I’m scared to reconnect MetaMask to UniSwap or other service.
Ditto. There’s an article stating that after the spam site asks you to connect your existing wallet, it asks you to input your seed phrase but the legit site won’t ask that (according to the article.) So will it? I tested it with a seed phrase off by one word which failed, which implies the process was legit. Once I put the actual seed phrase, it worked, but I’m still too skeptical to use and actually deleted the extension and app as I hadn’t funded yet.
These are great questions. The official MetaMask web browser extensions and mobile app can be found on the MetaMask website when you select “Download”.
Both a fake and the real MetaMask extension or mobile app will ask you for your seed phrase. That is how a wallet is restored. The fake wallets are very good at mimicking the look and feel of the real MetaMask wallet. I advise to always download either the extension or app from the official MetaMask website.
Regarding the high profile attacks, if you read the stories, you’ll see that the security flaws were not due to a lack of security from MetaMask, but from the user or the user’s device that their MetaMask wallet was installed on.
For example, with the hack that happened in January, the user approved and granted access to his own computer to the hacker. This allowed the hacker access to his MetaMask wallet and steal his tokens.
