Mark Cuban loses nearly $900k on MetaMask fake
Mark Cuban believes he installed a counterfeit MetaMask wallet, potentially exploited by a scammer to pilfer his cryptocurrency
Joe Seer/Shutterstock, modified by Blockworks
“Shark Tank” billionaire Mark Cuban re-engaged in the crypto space over the weekend after months of inactivity, only to fall victim to a hack.
One of the tech mogul’s crypto wallets saw losses of about $870,000 across various cryptocurrencies.
However, he was alerted after on-chain sleuths noticed his wallet was being unusually drained, thus preventing further losses.
An X user identified as WazzCrypto was the first to draw attention to the transfer, raising concerns about its suspicious nature late on Friday.
After Cuban became aware of the purported attack, he transferred $2 million worth of USDC to Coinbase.
He confirmed the hack in response to DL News, stating “someone one got me for 5 ETH.”
Cuban believed someone must have been tracking his activity, explaining that he came to use MetaMask for the first time in months.
He suspected that he downloaded a counterfeit version of the widely-used browser extension MetaMask cryptocurrency wallet.
He was reportedly looking up stablecoin provider Circle, then mistakenly downloaded what he thought was MetaMask.
Cuban mentioned that the hack took place while he was attempting to clean up his account using his phone.
“MetaMask crashed a couple times. I just stopped. Then you emailed me. So I locked my NFTs on OpenSea. Transferred all my Polygon in the account,” Cuban reportedly told the outlet.
He clarified that only the account that was hacked had any losses, and his other accounts remained unaffected.
Blockworks has reached out to Cuban for comment.
Cuban has earlier expressed keen interest in cryptocurrencies and blockchain tech, showcasing a blend of enthusiasm and caution.
In 2019, he announced that his NBA team would accept bitcoin as payment for tickets and merchandise, marking a significant toward integrating crypto into the mainstream.
News analysis by Macauley Peterson
Proper self-custody of crypto assets is a responsibility. When downloading any browser extension — whether or not it is a wallet — one should check that the publisher information is accurate. Typically, a legitimate extension will have many thousands or millions of downloads.
In the case of MetaMask, the real extension is published by metamask.io and has over 10 million downloads.
For Cuban to have been victimized in this way, he would have had to import a seed phrase into the fake extension, thus revealing his private key to scammers.
It is paramount to take care when entering a seed phrase to import a wallet. Only do so when required and if you are sure the application is legitimate.
Using a hardware wallet compatible with MetaMask would have protected Cuban from this risk, since there is no seed phrase to import. If requested by an extension, that would be a clear sign that it was counterfeit.
Correction Sept. 18, 2023 at 12:33 pm ET: Clarified the headline that the exploit was effectuated by a fake MetaMask, not the actual wallet software.
Get the news in your inbox. Explore Blockworks newsletters:
- The Breakdown: Decoding crypto and the markets. Daily.
- 0xResearch: Alpha in your inbox. Think like an analyst.
