Warning: Do not sign just any message in MetaMask, or your wallet could be emptied!


Did you know that signing a message in MetaMask can also lead to your wallet being emptied? In the past few days an experienced MetaMask user lost almost 500 thousand USDC this way. If you take message signing in your MetaMask wallet lightly, you could be next! But how can abuse of transaction confirmations in MetaMask be prevented? Stay with Mehen Blockchain as we tell the story of this victim, explain why it happened, and look at what the solution is.

Why should we care about transaction signatures in MetaMask?


On a quiet afternoon, a user named Joe noticed that 469,000 USDC had been withdrawn from his wallet. It was not a simple transfer, and apparently the attacker did not have access to Joe’s wallet: a malicious contract had drained every USDC token from his address.

Functions behind transactions in the MetaMask wallet

Before continuing the story, it is worth reviewing a few technical points. The USDC token is a smart contract on the Ethereum network, and the functions of this contract define how USDC can be interacted with. Two of its functions matter for our discussion:

  • transfer
  • transferFrom
The transfer function in the MetaMask wallet

The transfer function

When a user moves USDC, or any other ERC-20 token, between wallets, they are actually doing so with the transfer function. This function moves the requested amount from the address of the user who called it to another address. For an attacker to use transfer on your behalf, they would have to take control of your wallet.

Token transfer function in the MetaMask wallet

The transferFrom function

When a user interacts with a smart contract, the contract uses the transferFrom function to move the token. The contract can take up to the amount you specified in the approve function; so if you allow a contract to spend an unlimited amount of USDC, the contract can take all of your USDC.

A tweet by a user named Korpi

You confirm that the contract has access to X of your tokens (e.g. USDC).

The approved contract can withdraw X USDC tokens from your wallet at any time.

It doesn’t matter if your wallet is hardware or not.

Your approval remains in effect until that amount is spent by the contract, unless you cancel the approval.

A tweet about the risk of signing a malicious message in MetaMask

Now let’s go back to Joe’s story. What emptied Joe’s wallet was in fact the transferFrom function. But this function only works if Joe has approved the contract to spend his USDC, and Joe was sure he had not approved anything!

Checking the permit function and the emptying of the MetaMask account

Joe’s transaction history on the DeBank platform clearly shows that 10 minutes before he was hacked, Joe had granted an infinite approval (Infinite Approval). But did Joe really approve it? Both yes and no. In fact, he did not do it directly.

Approval of an unlimited withdrawal in the MetaMask wallet

Using the permit function to empty the wallet

Etherscan shows that the unlimited approval was not made by a function that Joe called; it was a permit call sent by another address, which allowed the malicious contract to spend all of Joe’s USDC. But how can someone else approve a contract on your behalf?

The permit function on Etherscan

The permit function was introduced to improve the user experience on the Ethereum network. With this function, a user can change an approval amount without sending a transaction; at this stage only the user’s signature is needed. If someone has your signature, they can call the permit function and update the amount you specified for a spender (and can even grant unlimited access to your tokens).

Permit function

In the 1inch decentralized application you can see the permit function in use. If you want to sell your USDC, no approve transaction is required; you only need to sign a message. This signature allows 1inch to spend all of your USDC. 1inch certainly would not do that, but why not a malicious contract?

Before digitally signing a message, make sure you know what it does

Joe may have accidentally signed a message similar to the one in the image above on a malicious site. Unfortunately, he signed it in a hot wallet, and this big mistake took just one click. With a hardware wallet, where signing happens on an external device, there is at least a short window to think before signing. In any case, after Joe signed, the hacker sent a transaction calling the permit function. This allowed the malicious contract to spend all the USDC in Joe’s wallet; transferFrom was then called and all the tokens were taken from Joe’s address.
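The sequence described above (no approval, a signed permit, the permit submitted by a third party, then transferFrom) can be replayed in a small simulation. The code below is an added example written for this article, not MetaMask’s, USDC’s or 1inch’s code. It models an ERC-20 token with an EIP-2612 permit in memory; the class `Erc20WithPermit`, the `SIGNING_KEYS` registry and the helpers `sign_permit` and `replay_joe` are all assumptions of the example, and an HMAC over the permit fields stands in for the real signature and ecrecover so that it runs offline. The 469,000 USDC figure is taken from the article.

```python
import hashlib
import hmac

MAX_UINT256 = 2**256 - 1

# Constructed key material for the simulation (not real Ethereum keys). A real
# contract recovers the signer from the signature with ecrecover; this toy
# instead recomputes an HMAC with the owner's key, which is enough to show the
# control flow: whoever holds a valid signature can submit the permit.
SIGNING_KEYS = {"joe": b"joe-private-key", "attacker": b"attacker-private-key"}


def permit_digest(owner, spender, value, nonce, deadline):
    # Stand-in for the EIP-712 typed-data hash; the nonce prevents replay.
    return f"Permit|{owner}|{spender}|{value}|{nonce}|{deadline}".encode()


def sign_permit(owner, spender, value, nonce, deadline):
    """What the wallet does when its user clicks 'Sign' on a permit message."""
    digest = permit_digest(owner, spender, value, nonce, deadline)
    return hmac.new(SIGNING_KEYS[owner], digest, hashlib.sha256).hexdigest()


class Erc20WithPermit:
    """In-memory model of an ERC-20 token with EIP-2612 permit (toy, not USDC's code)."""

    def __init__(self, balances):
        self.balances = dict(balances)
        self.allowance = {}  # (owner, spender) -> amount the spender may still move
        self.nonces = {}     # owner -> next valid permit nonce

    def transfer(self, caller, to, amount):
        # Moves the caller's own tokens: requires the caller's key and nothing else.
        self._move(caller, to, amount)

    def approve(self, caller, spender, amount):
        # The owner sends a transaction; approve(spender, 0) revokes the allowance.
        self.allowance[(caller, spender)] = amount

    def transfer_from(self, caller, owner, to, amount):
        # The caller (a contract) moves the owner's tokens within its allowance.
        allowed = self.allowance.get((owner, caller), 0)
        if allowed < amount:
            raise PermissionError("allowance exceeded")
        if allowed != MAX_UINT256:  # an infinite approval is never decremented
            self.allowance[(owner, caller)] = allowed - amount
        self._move(owner, to, amount)

    def permit(self, caller, owner, spender, value, deadline, signature, now):
        # `caller` is deliberately unused: msg.sender does not matter for permit,
        # only the validity of the owner's signature does.
        if now > deadline:
            raise PermissionError("permit expired")
        nonce = self.nonces.get(owner, 0)
        expected = sign_permit(owner, spender, value, nonce, deadline)
        if not hmac.compare_digest(expected, signature):
            raise PermissionError("invalid signature")
        self.nonces[owner] = nonce + 1
        self.allowance[(owner, spender)] = value

    def _move(self, src, dst, amount):
        if self.balances.get(src, 0) < amount:
            raise ValueError("insufficient balance")
        self.balances[src] -= amount
        self.balances[dst] = self.balances.get(dst, 0) + amount


def replay_joe(revoke_before_drain=False):
    """Replays the article's sequence; returns (joe_balance, remaining_allowance)."""
    token = Erc20WithPermit({"joe": 469_000, "malicious_contract": 0})
    deadline, now = 2_000_000_000, 1_700_000_000

    # Step 1: with no approval, transferFrom fails no matter who calls it.
    try:
        token.transfer_from("malicious_contract", "joe", "malicious_contract", 1)
    except PermissionError:
        pass

    # Step 2: the phishing page shows Joe a permit message and he signs it.
    # Joe sends no transaction; only the signature leaves his wallet.
    signature = sign_permit("joe", "malicious_contract", MAX_UINT256, 0, deadline)

    # Step 3: the attacker submits the permit from their own address.
    token.permit("attacker", "joe", "malicious_contract", MAX_UINT256, deadline, signature, now)

    # An approve(spender, 0) transaction from Joe cancels the allowance again.
    if revoke_before_drain:
        token.approve("joe", "malicious_contract", 0)

    # Step 4: the malicious contract calls transferFrom.
    try:
        token.transfer_from("malicious_contract", "joe", "malicious_contract", 469_000)
    except PermissionError:
        pass
    return token.balances["joe"], token.allowance[("joe", "malicious_contract")]


if __name__ == "__main__":
    print(replay_joe())       # (0, MAX_UINT256): drained, allowance still infinite
    print(replay_joe(True))   # (469000, 0): revoked before transferFrom ran
```

Two details of the model are the ones that matter for the story: `permit` never looks at who submitted the transaction, and an allowance equal to the maximum uint256 is not reduced by spending, so it stays open until the owner sends an `approve(spender, 0)` transaction.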

Checking the transferFrom and permit functions in the MetaMask wallet

How to prevent misuse of digital signatures?

To prevent possible abuse when signing transactions in the MetaMask wallet, be sure to pay attention to these points:

  • Do not sign just any message in MetaMask.
  • Take the time to understand exactly what the message you are asked to sign says.
  • Be just as careful with conventional approvals.


Apparently digital signatures can cause a disaster. The MetaMask wallet sometimes warns users about the dangerous consequences of signing a message, but no warning is issued for signed approvals that conform to MetaMask’s technical design. Yet such signed approvals can cause serious damage if misused. So be careful when signing transactions in MetaMask, and make sure you understand the content of the message before signing it. Have you ever had such an experience?
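“Understand the message before signing it” can be turned into a concrete checklist. A permit request reaches MetaMask as EIP-712 typed data (the `eth_signTypedData_v4` method), whose `message` carries the `owner`, `spender`, `value`, `nonce` and `deadline` fields; those are the fields to read. The checker below is an added example written for this article, not part of MetaMask or of any wallet; `review_permit_request` and the sample requests are assumptions of the example, the addresses are constructed placeholders, and the `types` section of a real request is left out because the checker does not need it.

```python
import time

MAX_UINT256 = 2**256 - 1
ONE_YEAR = 365 * 24 * 60 * 60

# Constructed placeholder addresses; none of these are real contracts or accounts.
MY_ADDRESS = "0x" + "11" * 20
TRUSTED_DEX = "0x" + "22" * 20
UNKNOWN_SPENDER = "0x" + "33" * 20

# Domain of a USDC-style token as it appears in an eth_signTypedData_v4 request.
TOKEN_DOMAIN = {"name": "USD Coin", "version": "2", "chainId": 1,
                "verifyingContract": "0x" + "aa" * 20}


def review_permit_request(typed_data, my_address, trusted_spenders, now=None):
    """Return the red flags found in a Permit signature request.
    An empty list means none of these checks fired, not that the request is safe."""
    now = int(time.time()) if now is None else now
    findings = []
    if typed_data.get("primaryType") != "Permit":
        return findings  # other message types are out of scope here
    msg = typed_data.get("message", {})
    token = typed_data.get("domain", {}).get("name", "this token")
    owner = str(msg.get("owner", "")).lower()
    spender = str(msg.get("spender", "")).lower()
    value = int(msg.get("value", 0))
    deadline = int(msg.get("deadline", 0))

    if owner != my_address.lower():
        findings.append("owner is not your address: the permit would apply to another account")
    if spender not in {s.lower() for s in trusted_spenders}:
        findings.append(f"spender {spender} is not a contract you recognise; it could call "
                        f"transferFrom on your {token} without any further transaction from you")
    if value == MAX_UINT256:
        findings.append(f"value is the maximum uint256, i.e. an infinite allowance over all your {token}")
    if deadline - now > ONE_YEAR:
        findings.append("deadline is more than a year away, so the signed permit can be submitted "
                        "at any time the holder chooses")
    if deadline < now:
        findings.append("deadline has already passed; a request like this is suspicious")
    return findings


def phishing_style_request():
    # Constructed: the kind of message the article describes, unlimited and never expiring.
    return {"primaryType": "Permit", "domain": TOKEN_DOMAIN,
            "message": {"owner": MY_ADDRESS, "spender": UNKNOWN_SPENDER,
                        "value": str(MAX_UINT256), "nonce": 0, "deadline": str(MAX_UINT256)}}


def legitimate_sale_request(now):
    # Constructed: a bounded permit a DEX might ask for when selling 1000 USDC
    # (USDC has 6 decimals), valid for 30 minutes only.
    return {"primaryType": "Permit", "domain": TOKEN_DOMAIN,
            "message": {"owner": MY_ADDRESS, "spender": TRUSTED_DEX,
                        "value": str(1_000 * 10**6), "nonce": 0, "deadline": str(now + 30 * 60)}}


if __name__ == "__main__":
    now = int(time.time())
    for flag in review_permit_request(phishing_style_request(), MY_ADDRESS, [TRUSTED_DEX], now):
        print("WARNING:", flag)
    print("legitimate sale:", review_permit_request(legitimate_sale_request(now), MY_ADDRESS, [TRUSTED_DEX], now))
```

The three questions the checker asks are the ones worth asking by hand for every signature request: who the spender is, how much it may take, and for how long the signature stays usable. A bounded amount and a short deadline limit the damage even when the spender turns out to be wrong; an unlimited value with no effective deadline is exactly the combination that emptied Joe’s wallet.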

