Metamask Security


#1

I have a question about Metamask security. If someone, by using some source, is successful in breaking the Metamask dapp password using my browser, then obviously he will be able to transfer my funds. Where is Blockchain security? It means, by just breaking the password of a Dapp, somebody will get my seed words and private key and moreover be able to steal my ETH or ERC-based tokens? Does anyone have an answer to my question?


#2

Is there any chance you could rephrase your question in a more clear way? Metamask is simply a client that stores your private keys and provides an Ethereum node via Infura. It allows for sites to work with the provided node and unlocked wallet (which you unlock with your Metamask password) in order to interact with the Ethereum blockchain.

As far as I know there is no way via Web3.js to take private keys off of Metamask, only interact with the account.

What do you mean by breaking the password of a Dapp? Anyone with your seed words would be able to steal your private key as well as any ETH or Tokens associated with that key, but Dapps don’t have passwords and a vulnerability within one wouldn’t (at least based on current knowledge) provide a way to steal from you without having you confirm the transaction first.

If you blindly confirm transactions, trusting the dApp to be safe though, that may cause issues.


#3

Hi, thanks. Just answer me one question. Is it possible to hack the password of Metamask and get logged in? All my questions belong to this answer.


#4

This really depends on your definition of hacking. Remember that social engineering is one of the biggest vulnerabilities in any system with human actors. Past someone getting the password from you or off your computer, if it’s possible to brute force or guess (not strong enough or vulnerable to dictionary attack) you could also run into issues.

Overall though Metamask is perfectly safe to use as long as you securely back up all private keys and the backup phrase.


#5

Now the responsibility belongs to us to be safe from social eng.

