Possible vulnerability in the Sync feature | MetaMask Hack
Hello, Brave community.
I’m investigating the hack of my MetaMask and asking for help to figure out whether it is possible to hack the wallet through Brave Sync. I have checked dozens of different scenarios and still can’t find the attack vector. One explanation is some vulnerability in Brave Sync, which I used on the same day the hack happened to transfer all data to a brand new notebook.
During the Sync, I chose all options for Sync, including Passwords and Extension synchronization. What if my Brave seed was compromised previously, and when I opened the access, the hackers were able to receive everything from the Brave Sync servers?
It’s still unclear how they hacked Brave in the first place and decrypted the MM password (it’s brute-force resistant). But I performed dozens of checks for viruses and rootkits. I wasn’t exposed to phishing or social engineering and have now run out of other versions.
Hi @websea, Welcome to Community!
Your sync data (i.e. passwords/bookmarks) is client-side encrypted, meaning Brave’s servers can’t read your data (nor can anyone else without access to the encryption keys).
Please see https://github.com/brave/sync/wiki/Design for more info on Brave Sync.
Have you tried uninstalling and re-installing MetaMask, and restoring your wallet with the seed phrase?
This may be a case where MetaMask did not properly sync.
Hi. I have access to my MetaMask. Hackers moved all stored crypto from 6 wallets to the hackers’ wallet (0x9d8c55c6e5f0bd59bf1d6f73022dd7554e57fa87).
That implies that the private key was compromised, and not just one wallet.
I’m aware that the data is stored encrypted. Assuming that hackers compromised the Brave Sync seed somehow, can they steal the MetaMask seed via sync?