MetaMask browser plugin: new report criticises high fees and phishing threats
The MetaMask crypto wallet is one of the most popular in the industry – but according to a new report, not all that glitters behind the orange fox’s facade is gold.
A recent blog post by freight and trade logistics blockchain network Freight Trust, which looks into the inner workings of MetaMask, reveals: The wallet has a dark side.
The far from flattering report, titled „Unmasking MetaMask“ (translates roughly to „Metamask without a mask“), claims that the popular Bitcoin Evolution crypto wallet is prioritising its commercial success over end-user security and potentially exposing users to unnecessary risks.
What does the MetaMask criticism consist of?
The first criticism lies with MetaMask’s 0.875% service fee, which is added to swap fees and gas prices.
„If you use MetaMask Swap, you get this on-top of the existing 0.3% Uniswap fee, for an effective fee of at least 1.175% per trade.“
The report adds that exchanges like 1inch do exactly what MetaMask does, without the high fees or 1.5x gas multiplier. There are also some discrepancies in how the wallet calculates gas prices – although that was said to have been improved in mid-December 2020.
The report also alleges that MetaMask engages in some „shady blacklisting practices“ by keeping an updated list of banned websites. There is also an allegation of potential token balance manipulation through holding a closed-source MetaSwap contract.
The blog post further alleges that MetaMask stores all trading data in plain text on its backend. This opens end users up to targeted phishing attacks, as hackers would know they are using this specific wallet – just as they did with Ledger customers.
Just like Ledger, MetaMask has also published a guide on phishing prevention and private key storage, however this is little consolation to users who have already lost cryptocurrencies such as Bitcoin (Go to Buy Bitcoin Cheap Guide) or Ethereum due to criminal activity on these platforms.
MetaMask (@metamask_io) on 15 February 2021:
„With MetaMask, private keys are stored only on your device. Only you have access to them. Keep them secret & you keep your wallet secure. Most losses are the result of phishing attempts.“
Metamask’s codebase and potentially intrusive tracking practices are further criticised.