Are you worried about hackers stealing your personal information and hard-earned crypto? Or maybe you’re just not comfortable having your MetaMask logged in to some sites. Well, there’s a solution for all of those problems.
In this post, we’ll show you precisely what you need to do to secure your MetaMask wallet. We’ll walk through each step of the process and explain why it’s important.
Without wasting much time, let’s get started!
Storing your password and recovery phrase safely
Upon signing up for MetaMask, you will be asked to create a strong password and write down your recovery phrase. This is extremely important because if you lose either of these two items, you won’t be able to recover your funds.
The best way to ensure their safety is never to save them online or on your device. Instead, keep them safe offline by writing them down somewhere only you know where they are. Or you can even get a safety deposit box at the bank so that no one else has access to them.
Why you should stop leaving Your Metamask connected to sites and daps
As a rule of thumb, always ensure to disconnect your Metamask wallet from websites when you’re done using them. So, you might ask, why should you care about this? For starters, while a website is connected to your wallet, they can read your private keys, track your information, and, if they’re suspicious sites, steal your funds. It’s better to make sure that your wallet isn’t accessible to others than to risk losing everything.
You might feel that disconnecting your wallet will make you lose the crypto you have on that site. The simple truth is, you won’t. Your crypto is not actually on these sites or your Metamask wallet. They reside in the blockchain, and these exchanges and wallets serve as a gateway to access them.
How to disconnect Metamask from sites
Disconnecting a site from your Metamask extension is pretty straightforward.
To begin, click on the three dots icon (…) located next to the address bar. You’ll see an option called “Connected Sites,” which lists every site you’ve ever visited with your MetaMask wallet. Each site has a trash icon next to its name. Click on this icon to remove the site from your list.
Keeping your Metamask wallet extra safe
Just like any hot wallet, using Metamask alone doesn’t provide maximum safety for your crypto asset. As such, you have to take a step further to ensure your wallet remains safe. The best way to do this is by combining it with a hardware wallet. A combination of Metamask and Ledger Nano is one of the safest options out there.
What is Metamask phishing and how to avoid it?
Phishing attempts often target MetaMask. Phishing is a means to steal your passwords by misleading you into downloading a malicious version of the software you want to get. Phishers often acquire domain names that include popular misspellings in the hope that you would type the URL incorrectly.
Sophisticated phishers will use an SSL certificate to encrypt their phishing pages. To get further verification, click on the closed lock and then on ‘Certificate’ to see the certificate’s information. Check to see if the certificate was given to https://metamask.io, which is the only valid MetaMask URL.
So how do you protect against a phishing attack? You simply seek support from within the app you need help on. If you don’t find anything helpful, contact customer service directly.
Downloading PDFs can steal your Metamask Assets
If you download a PDF file, usually from suspicious mails advertising a new coin or NFT giveaway, you may be opening yourself up to a potential security threat. This is called PDF phishing and it involves tricking you into clicking on a link that downloads a malicious document instead of the real thing.
PDFs are typically used to spread malware because they contain hidden code that allows hackers to install keyloggers and other malicious programs onto your computer without your knowledge.
The best way to prevent this is to ignore suspicious PDF download links. But if you must, ensure you use a cloud PDF reader like PocketBook Cloud. But whatever you do, don’t open a suspicious PDF on your computer.
Dont fall for this Metamask scam
We’ve recently seen people complain about waking to see a huge part of your money missing in their Metamask wallet. The weird part is that they had no encounter with phishing schemes nor where their private keys or computers were compromised. You might think there’s a main vulnerability in the Metamask system, when in fact, there isn’t.
So, what’s this scam? You unknowingly gave a smart contract or web3 site unlimited access to your funds. This happens when we fail to read the fine print inside a transaction verification popup when signing up to these web3 sites.
How to check and remove access, see if you fell for the scam above
While it’s impossible to get your money back in such a scenario, there are ways to prevent it from reoccurring or happening in the first place.
- Check who you gave access to through a token allowance checker. You can use TAC to check for Ethereum-powered daps. Or Google search the name of the blockchain and “token allowance checker” to get the website for that specific coin.
- Connect your Metamask wallet to the checker to see all transactions and websites you gave access.
- Locate the transaction in question and click on the “revoke” button.
Metamask makes crypto transactions easy, but it’s not immune to scams. So, always double-check any links or messages you receive before acting on them. And if you ever have doubts about something, contact the Metamask support team to help you.