Pro-Ethereum conglomerate Consensys has announced a mass round of layoffs that its founder and CEO Joe Lubin has primarily blamed on the Securities and Exchange Commission’s (SEC) “abuse of power” and “attacks.”

In a blog post announcing the 162 “right-size” job cuts — 19.5% of its 828 employees — Lubin also called out Congress for its “inability to rectify” Consensys’ legal woes.

The SEC is suing Consensys for several profitable business units that allegedly violate US law. In its June 28 suit, commissioners explained that Consensys’ Swaps feature of its MetaMask software acts as an unregistered broker that effects securities transactions on behalf of investors. Moreover, they say Consensys also sold unregistered securities through its MetaMask Staking.

Read more: SEC tries to expand crypto jurisdiction with Consensys lawsuit

For its part, the firm primarily argues that users control MetaMask software and do not rely on Consensys for these transactions. The SEC has counterargued in detailed court filings that the conglomerate’s suite of code, hosted services, nodes, relayers, and human-directed choices not only make MetaMask indispensable for many users but also demonstrate the company’s willful and profitable violations of law.

The main lawsuit is ongoing in the US District Court for the Eastern District of New York. The next meeting is scheduled for November 20 to set a schedule for evidence discovery.

Consensys has already lost one lawsuit against the SEC

Consensys has failed in many of its attempts to fend off SEC enforcement. Earlier this year, it preemptively sued the SEC after it received a Wells Notice.

On September 19, a federal judge dismissed that attempt. Lubin had asked a Texan court to rule that ETH transactions were somehow not securities transactions because they involved ETH, prohibit the SEC from suing companies for using ETH, and bless its Ethereum-friendly MetaMask wallet. The judge declined all of Lubin’s requests.

Consensys previously laid off 100 of its then-900 workers in January 2023. In 2018, when the company had some 1,200 workers, a layoff affected approximately 600 workers.

Got a tip? Send us an email or ProtonMail. For more informed news, follow us on X, Instagram, Bluesky, and Google News, or subscribe to our YouTube channel.

The post Consensys blames SEC at top of 20% staff layoff announcement appeared first on Protos.

A researcher who found evidence of data harvesting inside Ledger Live has revealed equally disturbing harvesters inside MetaMask and Avalanche browser extensions.

MetaMask, the world’s most popular crypto wallet, uses a single pixel (‘1X1’) iFrame to embed trackers into its browser extension. The Ethereum- and ConsenSys-backed extension contains a data harvesting ‘analytics_iFrame’ within its code.

For context, the iFrame is an old trick by web marketers. Publishers would secretly serve ad code inside an iFrame displayed as one, invisibly small pixel — tolling untold profits through invisible ad impressions. Due to years of iFrame abuse, many web browsers and advertising platforms ban iFrames altogether.

However, MetaMask still uses an invisible iFrame — perhaps hoping that no one would have thought to look through its outdated bits of CSS code. The iFrame within the browser extension circumvents traditional web safety services because the user voluntarily installs the extension and approves its permissions.

Naturally, MetaMask requires new users to agree to its terms of use. It vaguely disclaims responsibility for third-party content and services — without specifically naming iFrame trackers, of course.

“You access, rely upon, or use any third-party content or third-party service at your own risk. Consensys disclaims all responsibility and liability for any losses on account of your reliance upon or use of such content or services.”

MetaMask’s terms do not clarify whether these third-party offerings include data harvesting or code hidden within iFrames.

Another data harvesting operation: Avalanche

The same researcher who exposed data harvesting inside Metamask and Ledger Live also revealed concerning web extensions in another crypto wallet: Avalanche.

Avalanche added analytics code to its Core App Chrome extension. Avalanche used to make all its code open source. However, at some point, it changed its licenses. The analytics portion of Avalanche’s extension is not open source.

Read more: Researcher finds data harvesting inside Ledger Live app

Data harvesting includes transaction data, mouse clicks, and other actions users take while using Avalanche’s wallet browser extension and its token, AVAX.

Naturally, researcher REKTbuildr questioned why these web extensions, which also serve as crypto wallets for millions of people, need to use analytics trackers at all.

As with REKTbuildr’s critique of Ledger Live, the researcher expects that Avalanche allows transmission of anonymized audience data to internal UI/UX teams or third-party advertisers.

Got a tip? Send us an email or ProtonMail. For more informed news, follow us on X, Instagram, Bluesky, and Google News, or subscribe to our YouTube channel.

The post Data harvesting found in MetaMask, Avalanche web extensions appeared first on Protos.

Crypto scammers are using the likeness of government websites from Brazil, Colombia, Egypt, India, Nigeria, and Vietnam, among others, to lure victims into a fake MetaMask scam that drains victims’ crypto wallets.

As investigated by Cointelegraph, by clicking on the government website the user is redirected to a fake MetaMask website. Users are then prompted to enter the details of their MetaMask wallets. Anyone unfortunate enough to do this will unwittingly give the scammers complete access to the contents of their wallet.

If a MetaMask hack has affected you then make sure you seek help from its official channels. There are multiple MetaMask scam accounts on X (formerly Twitter) claiming to help return your funds if you write to the Gmail address they provide. Don’t do this — MetaMask doesn’t use Gmail and doesn’t DM online users.

Read more: This MetaMask exploit has stolen $10M ether from OG crypto users

MetaMask consistently a target for crypto scammers

MetaMask is a popular online crypto wallet that interacts with the Ethereum blockchain, and because of this, it’s become a target for scams and hacks. 

A MetaMask developer recently claimed that since December 2022, over 5,000 ether (worth $10 million at the time) had been stolen from early adopters. “This is NOT a low-brow phishing site or a random scammer… It ONLY [steals from] OGs,” the developer claimed.

In February, MetaMask users were targeted when the domain registrar Namecheap was hacked. This led to a series of phishing emails being sent out that impersonated MetaMask and DHL in an attempt to drain user wallets. 

Got a tip? Send us an email or ProtonMail. For more informed news, follow us on Twitter, Instagram, Bluesky, and Google News, or subscribe to our YouTube channel.

The post Government sites targeted by MetaMask scam appeared first on Protos.

Over 5,000 ether has been stolen from the MetaMask wallets of cryptocurrency veterans across multiple chains since December 2022, according to a MetaMask developer known as Tay.

At press time, the amount of ether stolen is worth $10.5 million. The ongoing hack deliberately targets “OGs who are reasonably secure,” the dev noted on Twitter, but it remains unclear how the sophisticated hacker is pulling it off.

“This is NOT a low-brow phishing site or a random scammer… It ONLY [steals from] OGs,” Tay wrote.

The MetaMask dev speculates that the hacker acquires a data cache from the victim’s device. “My best guess … is that someone has got themselves a fatty cache of data from [over a year ago] and is methodically draining the keys as they parse them from the treasure trove.”

Read more: MetaMask users targeted in Namecheap email scam

Though information on the hacker’s methods remains unclear, all victims have something in common besides being embedded in the space for several years: their wallet keys were created between 2014 and 2022.

According to the MetaMask dev, the hacker will commit a secondary theft in the hours following their initial heist to collect assets and dust that they initially missed. Large thefts are carried out by swapping assets into ether within the victims’ wallets and then into bitcoin through a centralized swapper. A week later, the bitcoin is washed through a crypto mixer in order to make it difficult to trace.

Tay has urged MetaMask users to split their crypto across multiple keys.

Got a tip? Send us an email or ProtonMail. For more informed news, follow us on Twitter, Instagram, Bluesky, and Google News, or subscribe to our YouTube channel.

The post This MetaMask exploit has stolen $10M ether from OG crypto users appeared first on Protos.

Crypto wallet holders were targeted this weekend when domain registrar Namecheap was hacked, allowing scammers to send out a raft of phishing emails impersonating MetaMask and DHL, reports BleepingComputer.

Namecheap’s email system was breached on Sunday and messages attempting to steal personal details and crypto wallets were fired out via the company’s email platform SendGrid. This is the email system used by Namecheap to deliver its renewal notices and marketing emails.

The breach was discovered when users flagged the emails on Twitter. According to would-be victims, the messages either claimed to be a bill for a DHL delivery or a MetaMask know-your-customer (KYC) verification email. The MetaMask email read:

“We are writing to inform you that in order to continue using our wallet service, it is important to obtain KYC (Know Your Customer) verification. KYC verification helps us to ensure that we are providing our services to legitimate customers.

“By completing KYC verification, you will be able to securely store, withdraw, and transfer funds without any interruptions. It also helps us to protect you against financial fraud and other security threats.

“We urge you to complete KYC verification as soon as possible to avoid suspension of your wallet,” (via BleepingComputer).

The message also included a link to a phishing page requesting that the user enter their private keys.

Read more: Wormhole hacker buys Lido’s stETH on heavy margin

Confusion still surrounds the source of Namecheap breach

In the wake of the attack, Namecheap moved to deny that its systems had been compromised, instead claiming that the problem was an “upstream” issue affecting its email platform.

It hasn’t explicitly confirmed that SendGrid is the provider in question, however, it has confirmed using the system in the past and its name appeared in the emails’ headers.

Confusingly, SendGrid denied that the attack originated from a breach of its systems.

Namecheap subsequently ceased all emails and eventually got its services back online later the same day.

For more informed news, follow us on Twitter and Google News or subscribe to our YouTube channel.

The post MetaMask users targeted in Namecheap email scam appeared first on Protos.

Cryptocurrency ad network Coinzilla unwittingly distributed a MetaMask phishing scam across three major sites on Friday in an apparent hack. Coinzilla told Protos they have not been made aware of anyone falling for the scam, but that “new measures” would be implemented to prevent further attacks.

A Bored Ape Yacht Club (BAYC) pop-up advert appeared on CoinGecko, Etherscan, and DEXTools for approximately one hour, Coinzilla claimed. Visitors were prompted to connect their MetaMask wallet in order to participate in an NFT giveaway.

If successful, the phishing scam would drain the connected MetaMask wallet of wrapped-Ethereum (wETH).

The pop-up:

• Asked visitors to connect their MetaMask wallet to take part in a giveaway, 
• told them they had won a free BAYC NFT,
• and then urged the user to sign the message and approve access to the wallet to receive the NFT.

To pull off the attack, an unidentified hacker or group of hackers purchased a banner ad campaign on Coinzilla to promote an affiliate link for BC.game, one of its biggest clients.

Malicious code added to the banner then prompted the three websites to display the BAYC pop-up ad which asked for viewers’ MetaMask wallet.

Coinzilla says new measures will prevent another MetaMask phishing scam

Coinzilla distributes adverts to more than 600 crypto sites, including crypto exchange Crypto.com, blockchain explorer BSCscan, and news outlet CryptoPotato.

In a statement released in response to the attack, Coinzilla said its team pulled all banner adverts from the network for manual review and quickly discovered the source of the attack was not BC.game.

Read more: Celsius lost $54 million Bitcoin by using MetaMask for customer funds

Speaking to Protos, Coinzilla general manager Stefan Lufta explained that the hack infiltrated web browsers without commandeering the sites that the pop-ups appeared on.

“It was just a coordinated attack by some people that took advantage of a vulnerability on browser level.”

“NO CODE has been injected on the publisher website, they just had the chance to control [the browser] for a small period,” Lufta said in an email (his emphasis).

Lufta added he was grateful for the quick response from the community and newly implemented measures will prevent future similar attacks.

“It was an unfortunate event but all the new measures we took now makes it impossible for other attacks like this to happen,” he said (his emphasis).

In any case, recent BAYC NFT phishing scams have been incredibly lucrative for scammers. In March, BAYC fans lost around $160,000 worth of NFTs in an Ape Coin airdrop scam. Last month, scammers walked away with 24 Bored Apes and 30 Mutant Apes worth millions of dollars, in a scam that promised free land in Yuga Lab’s metaverse.

For more informed news, follow us on Twitter and Google News or listen to our investigative podcast Innovated: Blockchain City.

The post No one lost crypto in MetaMask phishing scam, says Coinzilla appeared first on Protos.

Ethereum giant ConsenSys says it will use some of the $450 million raised in its recent Series D to beef up its Ether holdings.

The round, which included Microsoft, Singaporean investment firm Temasek Holdings, and Japan’s SoftBank, valued the company at $7 billion. That’s more than double what it was worth in November last year.

ConsenSys pledged to direct another portion of the funds to a major revamp of its browser-centric crypto wallet MetaMask this year, noted Bloomberg.

The Brooklyn-headquartered software firm now claims MetaMask boasts 30 million active users, although it hasn’t yet qualified exactly how it classifies that group.

On Twitter, ConsenSys’ billionaire founder and chief exec Joseph Lubin (also an Ethereum co-founder) described his plans to buy more Ether with the raise.

“We’ve long maintained a significant treasury of ETH, stablecoins and other crypto tokens, and we are actively using our own financial infrastructure to put these assets to work in DeFi protocols and via staking in anticipation of Ethereum’s merge to Proof of Stake,” he said.

ConsenSys founder says Ethereum will always be number one in DeFi

Lubin told Bloomberg that raising the fresh funds wasn’t particularly difficult. This was especially so given the company’s already close ties with tech incumbent Microsoft.

A number of Microsoft clients have previously gotten on board with ConsenSys’ enterprise blockchain platform Quorum. ConsenSys acquired Quorum from Wall Street bigwig JP Morgan in August 2020.

ConsenSys is currently facing an in-depth audit after 35 former employees demanded an investigation into a 2020 intellectual property deal.

The transaction saw JPMorgan take significant stakes in MetaMask and Ethereum node network Infura, another major ConsenSys product.

Read more: [ConsenSys lawsuit reveals JPMorgan owns critical Ethereum infrastructure]

Following the round, Lubin also dismissed suggestions that Ethereum might one day surrender its number-one status in the DeFi foodchain.

According to Lubin (via Bloomberg), this is “not even a remote possibility.” He says this is down to Ethereum’s more robust security when compared with the likes of Solana or other smaller blockchains.

Follow us on Twitter for more informed news.

Out now: the first three episodes of our new investigative podcast series Innovated: Blockchain City.

The post ConsenSys to buy more Ether, revamp MetaMask with $450M raise appeared first on Protos.

On-chain data suggests Celsius Network lost $54 million worth of Bitcoin during last week’s hack on high-yield protocol BadgerDAO, which saw $115 million worth of digital assets taken.

Hackers extracted 896 Wrapped Bitcoin (WBTC) from a MetaMask wallet that a Celsius employee (presumably CEO Alex Mashinsky) was using to interact with BadgerDAO’s website.

Industry insiders were quick to question why it used MetaMask to handle client funds.

Other Twitter users had questions about the hack, too.

“Seems to be a very costly way to generate yield in hindsight,” said one Celsius customer. “Who will be absorbing the losses? Celsius or users?”

Another customer reacted to the incident with sarcasm: “Their business model is great. They let their users take all the risks, and if something goes wrong, well, not our fault.”

Celsius has admitted it lost money during the hack, but has not specified the amount or how the funds will be recovered.

Celsius is simultaneously dealing with several issues:

• cease and desist orders from multiple state securities regulators,
• the recent arrest of its chief finance officer Yaron Shalem, charged with fraud, money laundering, and sexual assault,
• failing to disclose its CFO’s arrest to investors before closing a $750 million funding round,
• and users reporting difficulty withdrawing funds and concerns about Ponzi-like qualities.

Read more: [Celsius scrubs CFO from site after arrest in Hogeg’s crypto Ponzi case]

High yield and ultra-high risk

An analysis of Celsius’ 2020 fiscal year balance sheet showed that CEL tokens made up $1.5 billion of Celsius’ gross assets and, due to other liabilities and payables, accounted for substantially all of the company’s net asset value at that time.

Celsius’ affected address in last week’s hack routinely transacts with an address that contains more than $65 million in tokens on the Ethereum blockchain.

It frequently sends token transactions to an address labeled as Celsius Network: Wallet 5.

On December 2, for instance, it sent 1 million Tether and more than 54,000 Binance USD to Celsius Network: Wallet 5.

BadgerDAO said it retained Chainalysis to track down the stolen funds and is working with law enforcement authorities in the US and Canada.

It’s paused smart contracts on its platform to prevent further theft.

Read more: [Celsius chief claims he ‘redistributes wealth’ in face of regulatory pressure]

The hackers exploited the web interface connecting BadgerDAO with users’ wallets.

Members of BadgerDAO’s Discord channel reported that the interface requested additional permissions and then directed users to send tokens to wallets controlled by the hackers.

When asked for comment, Celsius CEO Alex Mashinsky said only that the company would release a statement on Friday.

Crypto insurer Nexus Mutual is also refusing to compensate BadgerDAO and Celsius users, saying their insurance policy does not cover “front end” hacks.

Rampant crime across DeFi

According to an industry report by Elliptic, hackers have stolen over $12 billion from DeFi users between January 1, 2020, and November 9, 2021.

Exploitation of bugs in dApp protocols caused 90% of the losses. Elliptic breaks down those losses down into three categories:

• Code exploits: $5.5 billion
• Economic exploits: $5.3 billion
• Administrative key exploits: $1 billion

According to Elliptic, the top targets for theft due to exploits by the amount of money lost include:

• Lending: 34%
• Decentralized Exchanges (DEXs): 17%
• Asset management: 16%
• Cross-chain bridges: 13%

Follow us on Twitter for more crypto news.

The post Celsius lost $54 million Bitcoin by using MetaMask for customer funds appeared first on Protos.