Metamask hacked? How to avoid getting hacked and what to do if you have suffered a security breach


Even a veteran crypto enthusiast can be hacked these days. I suffered a security breach some months ago, probably through a phishing scam. I have learned a lot since this happened and have taken extra measures to avoid this problem once and for all.

The main reasons you might be hacked are:

- Attackers get access to your private keys (which Metamask stores on your device) via malware or phishing.

- The keys are encrypted with your password, but an attacker who obtains the encrypted keys can easily brute force the password unless it's a **very** strong one. Of course, an attacker can also get your password through malware or phishing.

- An attacker that has your unencrypted private keys has full access to your funds. There is nothing Metamask can do to help you here.

- Your public address is technically safe to share, but doing so may create privacy issues and make you a target for scammers. Likewise, if you interact from your wallet with a website or a contract that a scammer controls, you are handing the scammer data that may make you a target.

- The mnemonic phrase is a human-friendly presentation of your private key. It should be stored safely offline. The mnemonic phrase (or private key) can be used to recover your wallet, but only do this if you are 100% sure you don't expose it while doing so.

- Do not use your Metamask wallet for more than what you consider pocket money. For larger amounts use a hardware wallet (you can still use Metamask to interact with your hardware wallet). It might be better to keep your funds on a reputable exchange than to store your keys on a potentially unsafe device, but of course exchanges (and your account on the exchange) can be hacked too.

- Note that not all smart contracts are safe to use, and even if the contract is safe, the website you use to interact with it is not necessarily safe. Just because something is a smart contract on a blockchain does not mean it is also decentralized and safe to use.
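To put the brute-force point in the list above into numbers, here is an added Python example (not part of the original post) that estimates how long an exhaustive password search would take against a vault whose key is derived with PBKDF2-SHA256, as Metamask's is. The attacker's hash rate and the two iteration counts are constructed assumptions, and real attackers start with dictionaries and patterns, so the figures are an upper bound, not a guarantee.

```python
import math
import string

# Printable-ASCII character classes. The attacker is assumed to know which
# classes the password draws from, so the search space is their product.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)


def search_space(password: str) -> int:
    """Candidates in an exhaustive search over the classes the password uses."""
    if not password:
        return 0
    alphabet = sum(len(c) for c in CLASSES if any(ch in c for ch in password))
    return alphabet ** len(password)


def entropy_bits(password: str) -> float:
    """log2 of the search space (0 for an empty password)."""
    space = search_space(password)
    return math.log2(space) if space else 0.0


def expected_crack_seconds(password: str, pbkdf2_iterations: int,
                           sha256_per_second: float) -> float:
    """Expected time to find the password by exhaustive search.

    Each guess costs pbkdf2_iterations SHA-256 calls, so the guess rate is
    sha256_per_second / pbkdf2_iterations; on average the attacker hits the
    password halfway through the space.
    """
    guesses_per_second = sha256_per_second / pbkdf2_iterations
    return search_space(password) / 2 / guesses_per_second


def describe(seconds: float) -> str:
    """Render a duration in the largest convenient unit."""
    for unit, size in (("years", 365 * 86400), ("days", 86400),
                       ("hours", 3600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:,.1f} {unit}"
    return f"{seconds:,.1f} seconds"


if __name__ == "__main__":
    # Constructed assumptions: a GPU rig doing 1e10 SHA-256/s, and two KDF
    # strengths (10,000 vs 600,000 iterations) to show what the KDF buys.
    for pw in ("abcdefgh", "correct-Horse-7-Battery!"):
        for iters in (10_000, 600_000):
            t = expected_crack_seconds(pw, iters, 1e10)
            print(f"{pw!r:27} {entropy_bits(pw):5.1f} bits, "
                  f"{iters:>7} iterations -> {describe(t)}")
```

Raising the KDF cost only multiplies the attacker's time by a constant factor (60x here), whereas every extra random character multiplies it by the alphabet size, which is why the password itself has to be very strong.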

To participate safely in DeFi, at the very least the blockchain has to be decentralized, the smart contract has to be safe (preferably audited, although an audit is no guarantee of safety), and the website used to interact with the contract has to be safe.

I am sure that at least some of the victims who lost funds and post about it here are actually victims of unsafe smart contracts and websites.

If you have already been hacked, or have suffered a security breach through phishing or malware, this is what you should do:

1 - Report to the IC3 if you are in the US or to Action Fraud if you are based in the UK; for other countries, please check with the cybersecurity department of law enforcement in your country.

2 - Seek legal assistance. The best crypto solicitors out there are Silver Miller Law, Crypto Legal and Roche Fredman; all three offer similar services for fraud cases, so check the options and the legal fees with them and choose wisely.

Crypto Legal: [email protected]

Silver Miller Law: [email protected]

Roche Fredman: [email protected]

3 - NEVER, under any circumstances, hire one of those “crypto recovery companies”; they are a total scam and will only make you lose your time and your hard-earned money.

Act as fast as possible; time is of the essence in these matters, and the sooner you take action, the greater the chances of retrieving your funds.

Stay safe out there in the crypto jungle!


Peter Thomson

Crypto Enthusiast, stockbroker by day, father of 2 by night

Legal Framework of Cryptocurrencies

In this blog, I'll be posting about the legal framework of cryptocurrencies and the current regulations around the world.
