7,000 MetaMask Users Targeted in Security Breach, ConsenSys Says

Fraudsters targeted one of MetaMask’s third-party service providers to gain access to personal data such as email addresses


sdx15/Shutterstock modified by Blockworks


Thousands of MetaMask users who contacted customer support over an 18 month period were targeted in a personal data breach, ConsenSys said Friday. 

An estimated 7,000 individuals had private information, such as email addresses, compromised between August 2021 and February 2023, the blockchain software firm said in a blog post. MetaMask’s browser extension and mobile app users were not impacted, according to ConsenSys.

Fraudsters targeted a third party service provider MetaMask uses to create customer support tickets, ConsenSys said, which is how the personal data was seized. 

“The incident occurred when unauthorized actors gained access to the third-party service provider’s systems,” ConsenSys said in the post. “As a result of this incident, MetaMask users who submitted personal data to our customer support may have had that data accessed by an unauthorised third party.” 

Compromised data mostly includes “limited” personal information needed to identify customers for support needs, the company said, but users could have shared additional information in the chat function that was seized. 

ConsenSys has stopped the unauthorized access, it said, and the threat is no longer ongoing. Affected users may be targeted in future phishing scams however, the company acknowledged, noting that customers should be aware of potential threats. 

“As always, we ask that you be extremely vigilant for any suspicious activity and unsolicited contacts which may be made to you by phone, text, email or instant message,” the post said. “If you are suspicious of any request or message, do not open it and do not reply or click any links but delete it.” 

The security breach comes as users report a rise in crypto-related phishing attempts and schemes. There was a 40% increase in phishing attacks in 2022 year-over-year, according to data from cybersecurity firm Kaspersky Lab. 

ConsenSys reported the incident to the Data Protection Commission of Ireland and the Information Commissioner’s Office in the UK, it said.

Get the day’s top crypto news and insights delivered to your email every evening. Subscribe to Blockworks’ free newsletter now.

Want alpha sent directly to your inbox? Get degen trade ideas, governance updates, token performance, can’t-miss tweets and more from Blockworks Research’s Daily Debrief.

Can’t wait? Get our news the fastest way possible. Join us on Telegram and follow us on Google News.


upcoming event

MON - WED, MARCH 18 - 20, 2024

Digital Asset Summit (DAS) is returning March 2024. This year’s event will be held in our nation’s capital, where industry leaders, policymakers, and institutional experts will come together to discuss the latest developments and challenges in the ever-evolving world of cryptocurrency. […]

upcoming event

MON - WED, SEPT. 11 - 13, 2023

2022 was a meme.Skeptics danced, believers believed.Eventually, newcomers turned away, drained of liquidity and hope.Now, the tide is shifting and it’s time to rebuild. Permissionless II is the brainchild of Blockworks and Bankless. It’s not just a conference, but a call […]

recent research

The State of LSTFi


There are five broad use cases for LSTs that are gaining traction alongside growth in demand: leverage farming, liquidity providing, LST baskets, stablecoin collateral, and interest rate derivatives.



Alexander Vinnik’s lawyers aim to swap his freedom for detained WSJ reporter Evan Gershkovich


This latest update will introduce immutability to token metadata but ensure that its key characteristics are preserved, and it will also introduce network fees


In a blog post, partly directed at the forthcoming Eigenlayer protocol, the Ethereum co-founder cautions against overloading consensus


Hunting for victims in Ethereum’s public mempool, automated searchers prey on transactions as they are discovered in a practice called MEV


The crypto exchange that filed for bankruptcy last November would endure a long road to raise funds, clear debts and gain trust, law pros say


The broadcasters were discussing Hong Kong’s new regulations for virtual asset trading platforms set to go into effect June 1