MetaMask is one of the most popular software cryptocurrency wallets for holding ERC-20 tokens and interacting with decentralised applications (dApps) on the Ethereum and Binance Smart Chain networks. In this guide, we are taking a closer look at the wallet’s approach to privacy and security, as well as how its users can protect their assets while using it.
INTRODUCTION
Safety and security are two important considerations when choosing how to store your cryptocurrency assets.
History has shown that using online exchange accounts is the least secure route, even though they offer the most convenience for using your cryptocurrency.
In our comprehensive guide to cryptocurrency wallets, we highlight some reasons why using a hardware wallet may be the safest way to store your digital coins. However, the biggest drawback of this method is that it is cumbersome to access your assets.
A good compromise between security and convenience is the use of software wallets that include mobile and web wallets. MetaMask is a great example of a web and mobile wallet because it exists as a browser extension and a mobile app for iOS and Android devices.
Metamask is not just a storage medium; it has more utility and features, as we will discuss in this guide. However, most crypto wallet providers have fallen prey to crypto hacks and phishing attacks. As one of the most popular crypto storage options on the market, we will mainly focus on how MetaMask defends against attacks and keeps its users’ assets safe.
WHAT IS METAMASK?
MetaMask is a web3 cryptocurrency software wallet that can be accessed via web and mobile interface. Web3 is the next generation of the Internet, powered by blockchain technology, and MetaMask is one of the tools to access it.
Not all web-based crypto wallets support web3, and so far, MetaMask is one of the most popular options for people to execute smart contracts and interact with decentralised applications (dApps) from their web browsers.
MetaMask was built in 2016 by New York-based Ethereum development studio ConsenSys Software Inc, a company under Ethereum co-creator Joseph Lubin. At the time of its launch, MetaMask was only created to hold Ethereum coins and tokens based on ERC standards.
Until recently, the wallet only supported Ethereum (ETH) and Ethereum-hosted tokens, but users can now also store Binance Smart Chain (BSC) tokens because BSC is a fork of (derived from) Ethereum’s Go client.
As such, MetaMask can store tokens on both Ethereum and BSC networks and allow users to interact with dApps designed to run on top of the two networks.
HOW DOES METAMASK WORK?
Most cryptocurrencies are based on the popular public key cryptography that uses two sets of keys to control funds in decentralised networks: public and private keys. MetaMask is designed to store the private keys that unlock tokens on a blockchain.
In analogous terms, the public key is like a bank account number that can be shared with a counterparty or the public. The private key, on the other hand, is similar to an ATM PIN that you use to access funds in your bank account. MetaMask (and other cryptographic wallets) are tools that are used to store these private keys.
In recent years, MetaMask’s functionality has grown, and the wallet is now web-enabled3. Some of its additional functions include:
Acting as a bridge between a web browser and dApps;
Holding non-fungible tokens (NFT);
Exchange between different tokens compatible with Ethereum and BSC networks;
Buy Ethereum in-app through third-party integrations with Wyre and Transak.
WHAT MAKES A CRYPTO WALLET SAFE AND SECURE?
Before discussing MetaMask’s approach to asset security, here are some of the factors to consider when analysing whether a crypto wallet will keep your digital assets safe:
Nature of the wallet: you must determine what type of wallet it is. Whether it is an online web wallet, mobile, desktop, or hardware. You must determine whether it contains private keys in hot or cold storage. The former refers to a situation where the wallet is actively connected to the Internet, while the latter is where private keys are stored offline. Cold wallets are generally more secure to use than hot wallets.
Third-party wallet integrations: Since hot wallets are more prone to attacks, some wallet providers have chosen to partner with hardware wallet companies to provide seamless integrations to provide greater security for assets while retaining the convenience of using a software wallet.
Security tools: It is important for crypto wallets to provide additional security tools to their users, such as second factor authentication (2FA), password or even biometric authentication to allow them to better protect their wallets.
IS METAMASK SECURE?
Let’s consider how MetaMask protects its users’ assets. Notably, since its inception in 2016, MetaMask has not reported any significant security incidents affecting its systems. Here’s why:
Local data storage – MetaMask stores private keys and other metadata about the user on the device on which the wallet is installed. This data storage option means that the wallet, whether the web or mobile version, avoids the use of a centralised server that is often targeted by hackers. Keeping sensitive information about the wallet in local storage allows the wallet owner to be fully responsible for the security of their assets, and in the unfortunate event that they are hacked, losses are minimised for the individual victim.
Hardware wallet integration: Hardware wallets are significantly more secure than metaMask web or mobile wallets, and since as a hot wallet, its security measures have a ceiling, the company has chosen to partner with highly secure hardware wallet manufacturers Ledger and Trezor. Users can now easily hold their digital assets in a Trezor wallet, for example, and access them through MetaMask’s intuitive interface. Previously, a user had to transfer assets between wallets.
Security tools: for both versions of MetaMask (i.e. web and mobile), users must set up a password to access their wallets. Even for wallets synchronised between the web and mobile interfaces, passwords have to differ for added security.
Privacy measures: MetaMask takes appropriate measures to ensure the privacy of its users while browsing the nascent web3 environment. Generally, each time you visit a dApp website, the application will request the MetaMask plug-in in your browser to access your information, including public address and balances. Initially, this information was provided to all websites by default, but now the wallet plugin will request permission from the user to allow them to share this information. This additional step ensures that a user’s information is only shared with approved dApps, increasing asset security.
Open source: MetaMask’s source code is available for audit on the public Github platform, where anyone can audit it and report any vulnerabilities to the software. In this way, the wallet’s security is constantly monitored, improving user confidence and helping to protect users from hackers.
HOW TO SECURE YOUR METAMASK WALLET
Although MetaMask is a relatively secure tool for storing your digital assets, users must take the initiative to protect their property by making good use of the tools available and maintaining maximum security hygiene. Here are some steps to take to protect the assets stored in your MetaMask wallet:
Properly back up your seed phrase. A seed phrase is a collection of words, usually 12 or 24, that can be used to retrieve private keys from a wallet. Software and hardware wallets come with seed phrases that should be properly backed up. When creating a MetaMask wallet, be sure to write down the seed phrase and store it in a secure location.
Create a secure password. MetaMask will always ask you to create a password for each device you install the wallet on. Keep it simple so that you can remember it easily, but it is also difficult for someone else to guess. If you forget your password, you will have to restore your wallet using the backup seed phrase, and if you lose access to your seed phrase, you will not be able to recover your assets.
Only install MetaMask on a personal device. MetaMask stores the private key in an encrypted format on the device on which it is installed, and if this device is shared, the funds held within the wallet are at risk. Therefore, make sure that you only use MetaMask from a personal device.
Connect to legitimate web applications. Avoid connecting your MetaMask wallet to unverified websites. Some of these web applications are designed by fraudsters to collect sensitive information about visitors to facilitate targeted phishing attacks. Others may scam you out of your assets.
Don’t show your password or passphrase to anyone. This may seem like an obvious suggestion, but there are instances where we are likely to inadvertently share sensitive information, such as during screen sharing. To avoid sharing your password or backup passphrase, do not share your screen while backing up your seed phrase or creating a password.
BENEFITS OF USING METAMASK
Supports assets and tokens on the popular Ethereum and Binance Smart Chain networks, two of the most dominant smart contract blockchains;
It is open source, allowing independent security analysts to audit it, which contributes to its security;
MetaMask is free to use;
The wallet is decentralised, meaning that anyone can download it, install it and start using it without complying with any regulatory requirements;
Both its web and mobile interfaces are intuitive and beginner-friendly;
MetaMask is one of the few web-enabled3 wallets that ensures it is future-proof as the world wide web becomes more interactive through dApps;
The wallet has a built-in exchange function to help exchange between thousands of Ethereum tokens and BSCs;
Although MetaMask is a hot wallet, it has forged significant partnerships by integrating with hardware wallets to better protect its users’ assets.
DRAWBACKS OF METAMASK
As a hot wallet, MetaMask is prone to remote attacks;
The wallet only supports two blockchain networks;
MetaMask is only available as a browser add-on and mobile app. There is no desktop version yet;
The wallet is centralised as it is run by Ethereum development studio ConsenSys.
ALTERNATIVES TO METAMASK
There aren’t many worthwhile MetaMask alternatives, but two of the best options out there are:
1. Coinbase Wallet
Coinbase Wallet is a standalone software wallet from leading US-based cryptocurrency trading platform Coinbase. It is available as a mobile and browser add-on like MetaMask. However, unlike MetaMask, the Coinbase wallet supports more crypto assets on multiple blockchain networks. It is also web3-enabled and has seamless integration with the Coinbase exchange.
Note: Read our full Coinbase review or the Coinbase Wallet section for more details.
2. Trust Wallet
Trust Wallet is also an independent crypto wallet associated with leading cryptocurrency exchange Binance. Unlike MetaMask and Coinbase Wallet, Trust Wallet is only available as a mobile app, but has similar features to its rivals.
It is web3-enabled, can be used to store a variety of crypto assets and supports staking. However, its web3 support is different because instead of having native browser integration like the other two wallets, it has a built-in dApp browser to interact with decentralised applications directly from the wallet interface.
FINAL THOUGHTS
MetaMask certainly plays an important role within the Ethereum network. It helps users connect to the vast Ethereum ecosystem and keep their assets secure. Because of its important role, it must ensure that its interface is not only useful, but also secure.
As highlighted in this text, the wallet developer has implemented the necessary infrastructure to protect users, including the provision of tools to protect themselves. One thing to always remember is that security is a personal initiative. You can have the best tools but still end up a victim.
Always practice crypto wallet security hygiene when using MetaMask, such as creating strong passwords, avoiding sharing devices on which the wallet is installed, and securely backing up your seed phrase.
METAMASK FREQUENTLY ASKED QUESTIONS
What is MetaMask?
MetaMask is a cryptocurrency wallet developed and maintained by Ethereum development studio ConsenSys Software. The wallet is considered a hot storage medium because it is connected to the internet and can be accessed remotely.
What is MetaMask used for?
MetaMask is a crypto wallet with multiple uses, which include:
Storing digital assets (coins, tokens and non-fungible tokens);
Interacting with decentralised applications (dApps) on Ethereum and Binance Smart Chain networks;
Exchange between tokens through the exchange function;
Buy Ethereum using third-party brokerage services.
Is MetaMask secure?
Yes, MetaMask is relatively secure, as it takes the necessary steps to protect its users and their assets. It does this in four main ways:
Storing sensitive information about the wallet within the device on which it is installed and avoids the use of centralised storage on servers;
It is open source to allow the blockchain community to contribute to its development and independently audit it for vulnerabilities;
Maintains the privacy of wallet information by disabling the sharing of information with websites by default;
Provides integration with Trezor and Ledger hardware wallets;
Provides users with tools to protect their accounts, such as passwords and biometric login credentials in the mobile application.
How do I install MetaMask?
MetaMask is available as a web browser add-on for Chrome, Brave, Edge and Firefox, as well as a mobile app for iOS and Android. Visit the homepage for official links to download the appropriate version for your device. Avoid installing Wallet from an unofficial source.