Wondering how to store your crypto safely in a Metamask wallet? Hackers are probably looking for ways to compromise your wallet, and there are several ways they can do it. In this article, we have summarised some of the known methods they use to steal funds from users of online private wallets.

Before starting, let’s talk about an incident that happened because of a compromised wallet. The EasyFi project suffered a massive breach of over $80 million in a Metamask wallet hack. The admin wallet was compromised, and CEO Ankit Gaur said in a blog article that the hacker had in some way gained access to the wallet keys. With that in mind, you can understand the need to store your wallet seed phrase safely.

Wallet Seed Phrase

More often than not, while creating an online wallet, people take a screenshot or a photo of their wallet seed phrase on their smartphone. Although that may seem easier, if the smartphone or computer leaks the screenshot to a hacker, all your funds could be stolen in a second.

Fake Metamask Support

Fraudsters also often pose as Metamask support on Twitter and ask for your wallet keys through a Google Form, claiming they will help you recover your Metamask wallet or fix an ongoing issue. Remember that Metamask can’t help you personally with a privately owned wallet, as it’s not a centrally controlled exchange. Never share your seed phrase with anyone claiming to be from Metamask.

Not storing the Keys on Google Drive

Apart from that, some people store their wallet keys on Google Drive, either as a text file or as a screenshot, which puts the safety of the wallet at risk. I’ve witnessed people who lost their entire crypto just because their Google account got compromised. If you’re storing your wallet keys like that, I would suggest noting them down in a diary or on a piece of paper and storing it offline rather than as a screenshot or text file.

For example, hackers can gain control of your Google session with some strange IP addresses, as I came across in this thread on StackExchange.


Avoiding Unknown Extensions

The private key is also stored in your browser’s cache. Each time you open your Metamask wallet with the password you set, the browser hands over a private key so that Metamask can sign transactions for you. A browser can be compromised, as can happen on a public PC, so never even think of logging in to your Metamask wallet at a cyber cafe or on a computer that’s used by multiple people.

Authorising a Contract

This trick is a bit more complicated and often misleads users into signing or approving transactions that seem too good to be true. What usually happens in this case is an unknown airdrop: hackers intentionally airdrop weird tokens to a wallet in the hope that at least some people will fall for it.

The airdrop can make you feel lucky because if you check the price while trying to swap the tokens on Uniswap or QuickSwap, you might see around $2500 or $5000 worth of USDT. If you’ve used a DEX, you might already know that before swapping a pair of coins, you need to approve them in your wallet. The same goes for these unknown coins: you have to approve their contract in your wallet if you want the free USDT. That’s the bait.

Once a user opts to sign the transaction, the wallet gets breached successfully and the keys are revealed to the hacker. The funds will be drained in less than a minute, and your wallet will be empty before you can even realize what happened to it.

These airdrops happen every single day and in batches, targeting thousands of wallets that are actively making transactions. The only solution is to ignore any airdrop that seems fishy. Asking the community on Twitter or Telegram can also prove helpful, as you may come across people who have already witnessed such incidents.
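An approval request names a spender address and an amount, and both can be read from the transaction data before signing. The following is an added example, not code from the original article or from Metamask: it decodes ERC-20 `approve` and ERC-721/ERC-1155 `setApprovalForAll` calldata and flags unlimited grants. The function name `inspectApproval` and the sample addresses are constructed for illustration.

```javascript
// Added example: inspect the calldata of a pending transaction before signing.
// A selector is the first 4 bytes of keccak256(function signature).
const SELECTORS = {
  "095ea7b3": "approve(address,uint256)",        // ERC-20 allowance
  "a22cb465": "setApprovalForAll(address,bool)", // ERC-721 / ERC-1155 operator
};
const MAX_UINT256 = (1n << 256n) - 1n;

function inspectApproval(calldata) {
  const hex = String(calldata).toLowerCase().replace(/^0x/, "");
  if (!/^[0-9a-f]*$/.test(hex) || hex.length < 8) {
    return { kind: "invalid", risk: "unknown" };
  }
  const signature = SELECTORS[hex.slice(0, 8)];
  if (!signature) return { kind: "other", risk: "not-an-approval" };

  // Both functions take two 32-byte ABI words: (address, uint256 | bool).
  const args = hex.slice(8);
  const word0 = args.slice(0, 64);
  const word1 = args.slice(64, 128);
  // An address occupies the low 20 bytes; the high 12 bytes must be zero.
  if (args.length < 128 || !/^0{24}/.test(word0)) {
    return { kind: "malformed", signature, risk: "unknown" };
  }
  const spender = "0x" + word0.slice(24);
  const value = BigInt("0x" + word1);

  if (signature.startsWith("approve")) {
    const risk = value === 0n ? "revoke"
      : value === MAX_UINT256 ? "unlimited" : "limited";
    return { kind: "erc20-approve", spender, amount: value, risk };
  }
  // setApprovalForAll(true) lets the operator move every token in the collection.
  return { kind: "approval-for-all", spender, risk: value === 0n ? "revoke" : "unlimited" };
}

// Constructed sample: approve(0x1111...1111, 2^256 - 1)
const SAMPLE_SPENDER_WORD = "0".repeat(24) + "11".repeat(20);
const SAMPLE_UNLIMITED = "0x095ea7b3" + SAMPLE_SPENDER_WORD + "f".repeat(64);

const report = inspectApproval(SAMPLE_UNLIMITED);
console.log(report.kind, report.spender, report.risk);
```

A spender you do not recognise combined with an `unlimited` result is the pattern to reject.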

Is Ethereum Safe?

Ethereum has proven again and again that it is safe and sound to operate at mass scale. The things that can be unsafe are:

  • Wallets.
  • Smart Contracts.
  • Add-on services built on Ethereum as the base.
  • People using the network.

Centralized exchanges can be considered safer if you’re someone who’s willing to give up control over your own private keys and funds. They are safer in the sense that most of them are KYC compliant and have strong KYC and AML policies to keep bad actors off the platform.

CEXs also have a robust wallet-based system where a portion of funds is stored offline to keep it out of the reach of bad actors in case the hot wallet gets breached. Insurance is another aspect, where users are covered for all losses arising from a hack or a breach of wallet safety on an exchange.

DEXs have none of these policies to cover you. They don’t even have permission to store your KYC-related data, as the fundamental meaning of a DEX is to have no central authority. They also won’t have any insurance on the wallets because they have no control over how users behave with the product.

That normally means everything built around Ethereum can be more secure or less secure, varying from platform to platform, because none of them is regulated by a central authority. If you want to keep your funds safe on a DEX, the best thing to do would be to invest in a hardware wallet.

Some wallets have even approved weird contracts where, each time Ethereum is deposited to the wallet, it gets taken out to another address until the balance goes back to zero. That means you can neither take other tokens out of that wallet without Ethereum nor swap them. The wallet becomes practically useless if some random contracts are signed.

Ending Thoughts

People can lose their entire savings if a virus infects the PC and gets access to Metamask’s browser cache, with your password captured by a keylogger. There are many ways a breach can happen. So the lesson for everyone reading this is to avoid using Metamask unless you’re 100% sure about the safety of your laptop/desktop, and to stay on a CEX with 2FA enabled to keep funds safe.

