The SEC's lawsuit claims that Consensys violated securities laws by acting as an unregistered securities broker, and by offering staking services that constituted unregistered securities offerings. The SEC has previously cracked down on staking offerings by other firms, including Coinbase and Kraken.
SEC sues Consensys, maker of MetaMask wallet
- "SEC Charges Consensys Software for Unregistered Offers and Sales of Securities Through Its MetaMask Staking Service", U.S. Securities and Exchange Commission [archive]
Hacker compromises wallet of Steven Galanis, CEO of Cameo app, stealing $231,000
Galanis wrote on Twitter that he "Just got my Apple ID hacked". Although he didn't offer more details on how he had determined iCloud was to blame, it's likely he's referring to an attack vector where MetaMask automatically backs up users' seed phrases to iCloud unless it's disabled, meaning that a hacker who successfully accesses a person's iCloud account can also compromise any of their MetaMask wallets. The same type of attack saw a user lose $650,000 in April, and brought wider attention to the app's behavior.
$650,000 phishing attack against MetaMask user reveals that credentials are automatically backed up to iCloud
It's not yet clear if others have been affected by the same type of attack, but MetaMask tweeted instructions for iCloud users on how to turn off the automatic backups. Most people seemed to have previously been unaware that this data was being backed up in iCloud. MetaMask turned off replies on their tweet announcement, apparently anticipating the outrage from their users. Iacovone was among the outraged, writing, "Keep exposing MetaMask until they do what is right and take care of this issue and the people affected by it".
MetaMask and Infura block Venezuelan users, at least briefly
Some Venezuelan users were furious with MetaMask, feeling that their choice to prevent them from using the platform was incompatible with the decentralized and deregulated nature of much of crypto. One Twitter user wrote, "MetaMask Do not tell me that you became Centralized, I have this problem and many people in Venezuela have the same".
ConsenSys later appeared to say that the block of Venezuelan users was in error, writing that "In changing some configurations as a result of the new sanctions directives from the United States and other jurisdictions mistakenly configured the settings more broadly than they needed to be".
Former ConsenSys employees demand audit regarding MetaMask and Infura's transfer to a new company
People begin creating IP-harvesting NFTs to highlight the vulnerabilities in marketplaces and wallets
This is as good a time as any to remind you to use a VPN! Mullvad is a particularly good pick (#NotAnAd).
MetaMask founder acknowledges they've failed to remedy an IP address leak vulnerability that's been "widely known for a long time"
Traders duped out of $1.8 million in a fake MetaMask governance token scheme
- "Fake MetaMask Governance Token Soars 2600% and Gets Rug-Pulled", CryptoPotato
- "$1.8M Lost to Fake MetaMask Token Honeypot Scam", Crypto Briefing