MetaMask offers a sleek and easy-to-use interface that allows Ethereum users to interact with the blockchain without downloading the entire blockchain locally. Does this make it a safe way to store NFTs? Let’s find out...
General
If you aren’t up to date on all things blockchain, here’s what you need to know about Ethereum: There are two kinds of tokens—Ethereum-based ERC-20 and Ethereum itself.
To access ERC-20 tokens within your MetaMask account, click Add Token and then copy/paste in your token’s contract address, an identifier (e.g., ABCD), and its symbol (e.g., ABCD). You can find both of these by logging into Etherscan or by visiting an exchange such as Binance, creating an account there, and then looking at your own ETH wallet to see which ETH address it assigns to you.
Then, go back to MetaMask and paste that information into the appropriate fields. Once you’ve added your first token, it will be available on every page within MetaMask.
When you want to send some ETH from one place to another, just select ETH from your list of tokens and enter how much ETH you want to send. When sending ERC-20 tokens via MetaMask, choose ERC-20 Tokens from your list of options and enter how many tokens you want to send in one transaction.
This is important because if you don't specify a value, then MetaMask will automatically default to sending 1 token per transaction!
Security
Only MetaMask users can send and receive tokens that are built on Ethereum. When you first create your wallet, it will be empty until you add a password. Even when it’s locked, your private key is accessible to no one but you; even MetaMask itself doesn’t have access to it.
Your private key remains encrypted at all times, so security breaches aren’t an issue either. As long as users take good care of their passwords and avoid malware and phishing sites, they should feel confident that their funds are secure within their wallets.
For that reason, we think MetaMask is safe to use with non-fungible tokens (NFTs). That said, if you do lose your password or get hacked, there’s nothing stopping someone from accessing your wallet and stealing all of its contents.
If you plan to store large amounts of ETH in MetaMask or any other cryptocurrency wallet, we recommend using a hardware wallet like Ledger Nano S or Trezor.
These devices store private keys offline—so if someone hacks into them or steals them physically, they won't be able to access any of your cryptocurrencies. However, these devices cost money—as much as $100—and may not appeal to everyone.
If you're looking for something more affordable and convenient than hardware wallets but still want some protection against hackers and physical theft, try using paper wallets instead.
Hacks
A security vulnerability called sidejacking can leak private keys. Sidejacking is possible because when you load an NFT (such as a CryptoKitty) into your wallet, it calls another website that uses JavaScript to generate your public and private key pair.
If that website has vulnerabilities, they could be exploited to reveal your keys — and allow hackers to steal your digital goods. A more common danger is phishing: If you receive an email claiming to be from MyCrypto or MyEtherWallet asking you to open a link or type in information on their site, do not click on any links!
Any fake websites might look very similar but have tiny differences in their web address. You should always type in your own personal URLs directly into your browser bar. This way, you will always go to a verified source and avoid being tricked by fakes.
To protect yourself against even advanced threats like these, use a hardware wallet such as Ledger Nano S or Trezor. These devices are immune to all forms of malware since they don’t run any software — including browsers — on them at all. They store your keys offline so no one can hack them remotely either.
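The lookalike addresses described above can also be caught mechanically. The following is an added example, not MetaMask code or anything from the original article: it compares a link's hostname against a personal allowlist and flags near-misses. The `TRUSTED` list, the function names and the sample URLs are assumptions made for illustration.

```javascript
// Added example, not MetaMask code. TRUSTED is an assumed personal allowlist:
// replace it with the addresses you have verified and bookmarked yourself.
const TRUSTED = ['metamask.io', 'mycrypto.com', 'myetherwallet.com'];

// Levenshtein distance: number of single-character edits between two strings.
function editDistance(a, b) {
  let prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    const cur = [i];
    for (let j = 1; j <= b.length; j++) {
      const subst = prev[j - 1] + (a[i - 1] === b[j - 1] ? 0 : 1);
      cur[j] = Math.min(prev[j] + 1, cur[j - 1] + 1, subst);
    }
    prev = cur;
  }
  return prev[b.length];
}

function classifyUrl(input) {
  let host;
  try {
    host = new URL(input).hostname; // lowercased; non-ASCII labels become xn--
  } catch {
    return { verdict: 'invalid', reason: 'not a URL' };
  }
  for (const t of TRUSTED) {
    if (host === t || host.endsWith('.' + t)) return { verdict: 'trusted', reason: t };
  }
  const labels = host.split('.');
  if (labels.some((l) => l.startsWith('xn--'))) {
    return { verdict: 'suspicious', reason: 'punycode label' };
  }
  // Naive registrable domain (last two labels); a public-suffix list is more exact.
  const site = labels.slice(-2).join('.');
  for (const t of TRUSTED) {
    if (host.includes(t)) return { verdict: 'suspicious', reason: `embeds ${t}` };
    if (editDistance(site, t) <= 2) return { verdict: 'suspicious', reason: `near ${t}` };
  }
  return { verdict: 'unknown', reason: 'not on allowlist' };
}

// Constructed sample addresses, for illustration only.
for (const u of ['https://metamask.io/', 'https://myetherwa1let.com/login',
  'https://metamask.io.wallet-verify.example/', 'https://m\u0435tamask.io/']) {
  console.log(u, classifyUrl(u));
}
```

An `unknown` verdict only means the host is not on the allowlist; it is not a statement that the site is safe.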
Drawbacks
While it is arguably one of the most trusted options available, MetaMask does have its drawbacks. For example, because it’s a web browser plugin and not an actual cryptocurrency wallet (that you can carry around in your pocket), you do have to rely on Chrome or Firefox for usage.
Some users report issues with both browsers freezing when attempting to use some decentralized applications (DApps) like CryptoKitties. Additionally, not all ERC-20 tokens are compatible with MetaMask—and there are too many tokens out there now for them to manually review them all.
Users interested in purchasing or exchanging any coins besides Ethereum must jump through some hoops as well; storing these coins requires using additional apps outside of your web browser.
Trusted?
While MetaMask has been in use since 2016, and while they have not suffered any security breaches, there is some controversy surrounding its history of abusive privacy policies and its claim to hold users’ private keys (which is true).
The team at MyCrypto disputes these claims, however. MetaMask does not store or send any data anywhere that you do not explicitly tell it to, MyCrypto explained on Twitter. They may claim that they 'have access to your information.' However, only YOU can give that access.
This means: There is no way for them to give data out without either installing malware or getting you to do it yourself. Still unsure? Try using an open-source Ethereum browser like Mist instead. You can also try using hardware wallets like Ledger Nano S or Trezor to store your crypto assets safely offline.
Conclusion
It all comes down to trust, after all. You’re trusting MetaMask to ensure you’re in control of your account and that it isn’t being hijacked by any outside forces; you’re trusting them to have securely generated your private key and not use it for malicious purposes, and you’re trusting them with any tokens or information you store on their server.
In addition, there are security concerns associated with downloading applications from random websites; if MetaMask has some sort of backdoor or is compromised in some way, does that mean your digital assets could be accessed by outside parties? In short: yes.
