• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer

TronWeekly

Crypto World News

  • Home
  • Education
    • Best TRON Wallets
    • Beginner’s guide to TRON
  • Opinion
    • Tron Tokens
    • Market Analysis
  • Industry
    • Tron Exchange
    • Project Review
  • Press Release
  • Advertise
  • About us
    • The Team
    • Editorial Policy
    • Write for us
    • Privacy Policy
    • Disclaimer
    • Terms and Conditions
    • Contact
You are here: Home / News / Cyber Security / Critical Privacy Vulnerability can Jeopardize 21 million Metamask Users Data, says Researcher
Metamask

Critical Privacy Vulnerability can Jeopardize 21 million Metamask Users Data, says Researcher

January 24, 2022 by Goku

Cryptographer and security analyst Alexandru Lupascu, the co-founder of OMNIA protocol, found Metamask vulnerable. During his recent research, he came across and pointed out that Metamask crypto wallet users could be in jeopardy and might lose all their digital assets.

In his recent medium article, he mentioned that he spent time with this team researching different NFT airdrop situations. They bumbled upon a scenario that could compromise the privacy of more than 21 million people.

“It’s quite a potent scenario, too, as it has the potential to be eight times more devastating than a Distributed Denial of Service (DDoS) attack. And I’m saying that after comparing it to some of the most notorious attacks to hit the news last year.”

Alexandru Lupascu

How dangerous is it?

Alexandru shows how a malevolent actor may create an NFT, transmit it to a victim, and acquire their IP address, putting their privacy at risk. This is a significant privacy flaw in the blockchain ecosystem that anyone may attack for as little as $50.

Do not undervalue the threat posed by IP leaks. Alexandru adds: if hostile actors obtain other information from the IP address (such as geolocation or GSM carrier), they may transform it into a physical threat, such as kidnapping.

Alexandru detailed how the invasion is carried out, from minting an NFT to sending it to the target, obtaining the victim’s IP address, and, finally, jeopardizing their privacy or stealing their crypto assets. He used the iOS Metamask software version 3.7.0 to test this attack, but it might also apply to Android.

Are the users safe now?

Alexandru identified the flaw in early December 2021, and after examining Metamask’s Mobile security policy, they contacted them on December 14, 2021.

They informed us that this is a known problem being addressed as part of a responsible disclosure schedule.

After the study went public, Daniel Finlay, the founder of MetaMask, verified the problem and pledged to resolve it as soon as possible. He also added, “Alex is right to call us out for not addressing it sooner. Starting work on it now. Thanks for the kick in the pants, and sorry we needed it.”

Filed Under: Cyber Security, Blockchain, News, Technology Tagged With: Blockchain, Cyber security, MetaMask

Primary Sidebar

Recent Posts

  • Senate Crypto Bill Advances, But Trump’s Stablecoin Faces No Limits June 18, 2025
  • Cardano (ADA) Gears Up for Potential Reversal as Key Support Holds June 18, 2025
  • Ripple Files Supplemental Letter To End XRP Lawsuit With SEC June 18, 2025
  • Senate Pushes GENIUS ACT Vote Despite Warren’s Crypto Concerns June 18, 2025
  • Ethereum Whale Sells 501 ETH After 2 Years Holding 8052 ETH Worth 20.43M June 18, 2025

Footer

News

  • Altcoin News
  • Bitcoin News
  • Blockchain
  • Tron News
  • World

Digest

  • Meet the Founder
  • Price Winning Article
  • DeFi
  • Cyber Security
  • Crypto Scam

Industry

  • Project Review
  • Technology
  • Fintech
  • Tron Exchange
  • New in Town

Tron Universe

  • Event and Tron Parties
  • New in Town
  • Tron Tokens

Follow Us

Subscribe US

Copyright © 2025 · Tron Weekly. All Rights Reserved. NOTE: Tron Weekly is an independent crypto news site that adheres to the strict journalism policy anchored on transparency, trust, and objectivity, we have no affiliation with the TRON Foundation, its founder Justin Sun or any other cryptocurrency firm.