MetaMask, one of the most widely used crypto wallets within the wider NFT community just pushed a small — but crucial — update. There’s now a greater emphasis on highlighting transactions that request “set approval for all” of your MetaMask wallet, according to an initial tweet from the Web3 security app Wallet Guard, which included screencaps of the new feature.
This update will apply even for third-party services with MetaMask integration — that means browser extensions like the popular Wallet Guard Chrome extension.
But what makes this seemingly minor update so important? The “set approval for all” command can be a crucial component of any smart contract. These are bits of code that help facilitate all kinds of transactions done on the blockchain, and as such, are held together using an assortment of commands.
Via the “set approval for all” command, smart contracts are granted permission to approve and transfer tokens from your wallet at a later date. That includes NFTs. In the case of NFT marketplaces, this command enables the marketplace to transfer NFTs from your wallet to a third party upon the completion of a sale.
As crucial as this command is for NFT marketplaces to function, there is one significant caveat: it could also enable bad actors to maliciously transfer the contents of your wallet into theirs when your marketplace of choice is facing bugs. Despite how phishing attacks have been the most common attack vector for thefts in the NFT space, there will always be some Hackerman out there to worry about.
With this update, MetaMask effectively reminds its user base to practice mindfulness whenever making NFT or crypto-related transactions. Barring a sophisticated cybersecurity suite, any user’s best bet to stay safe online — especially in Web3 — is to do their own due diligence whenever their money or assets are involved. Stay safe out there.