MetaMask adds feature to prevent wallet drainer NFT scams

The new update, 10.18.0 will help users become aware of what they’re signing when a permission is requested to connect their wallets.
July 29, 2022 - Cynthia Chung

In a bid to counter NFT wallet drainer scams in which a lot of crypto users connect their wallets to malicious smart contracts and lose their assets, Ethereum wallet MetaMask has updated its browser extension and wallet to prevent the recurrence of similar further incidents. 


The newly updated 10.18.0 feature, which is an additional layer of security aims to prevent ‘Wallet Drainer’. Wallet Drainer is a way that crypto scammers attack wallets through malicious smart contracts and link NFT projects with wallets without the approval from the signature required from each wallet to transfer ownership of the NFTs.  


As such, the 10.18.0 feature tackles this issue by including a ​​requested setApprovalForAll permission, which asks the user to grant permissions to his wallet instead of automatically performing the step. When the user grants permissions, it allows the smart contract to access and transfer his crypto assets from his wallet. 


Following the announcement, security firm Wallet Guard voiced its approval on MetaMask’s new security update, stating that it is a ‘much-needed emphasis’ when a transaction is requesting ‘Set Approval for All’ to prevent ‘Wallet Drainer’ attempts. 


MetaMask also posted screenshots on their software development repository on Github, which includes on how the new security feature will work.

One of the screenshots has text that reads: ‘Give permission to access all of your BAYC (Bored Ape Yacht Club)?’, accompanied by a second warning: ‘By granting permission, you are allowing the following account to access your funds.’

MetaMask is the leading Ethereum wallet in the crypto and NFT space, hosting around 21 million active users. The new update marks the wallet service provider’s efforts to prevent NFT wallet drainer scams and safeguard its customers.