Reddit - The heart of the internet

Go to Reddit Home

Log in to Reddit

Open settings menu

Best

Open sort options

Change post view

What MetaMask security settings should every user actually configure?

What MetaMask security settings should every user actually configure?

It’s easy to look over these settings, but taking the time to do so can go a long way in protecting your assets. Here’s a few that most people skip but genuinely matter:

Wallet recovery: Settings > Security and password > Manage wallet recovery. Every user should keep an offline, written down version of their secret recovery phrase (SRP). In the event you lose access to your wallet, this is the only guaranteed way to recover it. Never share your private key or SRP with anyone.

Auto lock timer: Settings > Security and password > Auto lock. Default is "Never." Set it to "After 5 minutes" so a locked wallet can't be drained by a potential malicious script running in the background of your device.

Audit your token approvals. Every dApp interaction may have granted unlimited spend permission, which don’t expire automatically. If a dApp offers a “This time only” approval option, use it. If it only shows a spending cap field, set the amount to exactly what you need— not unlimited, not the suggested default. For existing approvals, check and revoke anything stale at .

Verify your extension ID. Fake MetaMask extensions exist, so be sure to confirm yours at chrome://extensions. The official Chrome extension ID is nkbihfbeogaeaoehlefnkodbefgpgknn

Hardware wallet for significant holdings: MetaMask works with numerous hardware wallets. Your keys stay on the device, not within your browser. If you're holding more than you'd be comfortable losing, this is a must.

Full security guide:

u/comcastbusiness

•

Promoted

A first ever combination of reliability, security and savings for small business. Only from Comcast Business.

I’m new to this and everytime I try buying ETH using Apple Pay it says “Order Status: waiting for the transfer” but never really transfers anything, just expires. I tried many times and same thing happens (I used transak)

VERY FRUSTRATED!!!!

u/Cece_McAwesomeville

VERY FRUSTRATED!!!!

So I bought crypto on the 12th of June and the tokens haven't been sent to my wallet. The token is verified as safe by Metamask. I have been trying to resolve this and I am at a loss! The entirety of Metamask support is a chatbot that has failed to solve my issue. Everything appears to be fine but the tokens are still missing!!! WHO DO I TALK TO?? I need to speak to an actual human being because I need those tokens!!! The token has been picking up since I bought it but I CANNOT use it because it was never deposited! HHEEELLLPPP!!!!

Created Sep 6, 2017

Public

Anyone can view, post, and comment to this community

5K 113

r/Metamask Rules

1

Consensys Privacy Policy - Do not share your information

For your safety, never share your Secret Recovery Phrase, email address, contact information, or any information that relates to your personal identity. We will never DM you to initiate support. Our community thrives on security and privacy. Consensys privacy notice here : https://consensys.io/privacy-policy/

2

Report scams / theft issues to support.metamask.io or use the support link in the app.

Serious matters require professionals. ONLY seek help from official MetaMask Support

Send detailed request to: support.metamask.io
Do not DOXX yourself. By linking your transactions to your reddit account you could create a trail of information that will expose your identity.
Do to be scammed again All DMs offering support are scammers.
ONLY official MetaMask Support may have methods which could help you.

3

Protect yourself - Follow and Write Down the Security Habits Inside This Rule.

Write these down and place them next to your computer or in your phone notes. Refer to them daily or when in doubt.

Rule #1: Never share your secret seed phrase.

Rule #2: Never share your private keys.

Rule #3: Never enter your secret seed phrase or private keys into any website online.

Rule #4: MetaMask Support will never DM to help you.

Rule #5: Never DM someone offering to help.

Rule #6: Beware fake websites
Official: https://metamask.io/

Rule #7: Offical Help ->Support.MetaMask.io

4

DO NOT Respond to DMs. MetaMask Customer Service will NOT DM You. Turn OFF DMs. See Rule detail.

Scammers use DMs to avoid detection.
Report someone offering to help via DM.
NEVER share your seed phrase or click on links they send.
Turn off DM by going to https://new.reddit.com/settings/messaging Then selecting nobody on both settings

The only MetaMask reps here can be found in the Moderators section of this subreddit.

5

Do NOT contact ANYONE via email

Do not offer to help people via email.
Do not send your information via email.
For customer support ONLY use: support.MetaMask.io

DO NOT DM or email anyone. MetaMask will not DM or reach out to you. Never share your seed phrase or private keys.

6

DO NOT fill any forms or websites posted here or via DMs

MetaMask does NOT post forms for people to fill out.
There is NO instant customer support service.
Never share your seed phrase.
ONLY official support is support.metamask.io
If you see a form posted, report it: At the bottom of the form, click Report Abuse. Choose the type of abuse found in the form. Click Submit Abuse Report.

7

NEVER go to any websites or Discord sent to you by DMs. The Mods or MetaMask will NOT DM you

EVERYONE trying to help via DMs is a scammer.

Stay safe doing these things:

NEVER interact with them.
NEVER go to any website sent to you by them.
NEVER share ANY information with them.
NEVER share your seed phrase aka secret recovery phrase.
Never join telegram groups, discord servers, Whatsapp groups, WeChat groups or other places sent to you by message or DM.

8

ONLY get help from https://support.metamask.io/

ONLY MetaMask support: https://support.metamask.io/
Do not use telegram. We do not have a telegram channel.
Beware impersonators on Twitter, Telegram, Reddit and pretty much everywhere.
Beware of scam subreddits pretending to be MetaMask.

9

No Spamming, Scamming, or Shilling Projects

Do not spam the subreddit with a third party project.
Do not shill or promote projects including but not limited to ICOs, promoting tokens, potential price appreciation of a token/project.

10

Flag Scammers and Spammer

If you see someone doing something shady, flag them.
Alert your fellow members to avoid such a scammer/spammer.
We are a community. Let's re-enforce mutual aid and good security habits
If you see a phishing form, report it.
If you see a form posted, report it: At the bottom of the form, click Report Abuse. Choose the type of abuse found in the form. Click Submit Abuse Report.

11

MetaMask DOES NOT have a Telegram, WhatsApp or Instagram group. All these groups are scammers.

MetaMask DOES NOT have a:

Telegram group
WhatsApp
WeChat
Facebook group
Instagram
any other social networking platform

The ONLY place we help users is on support.metamask.io and community.metamask.io.

Our ONLY twitters are: https://twitter.com/MetaMask https://twitter.com/MetaMaskSupport

Everywhere else is full of SCAMS.

Beware on how these websites are spelled. Scammers use similar looking names to trick people.

12

No Asking for Tokens

Do not ask for tokens
Do not offer to send tokens to a member
Do not DM or ask to be DMed for sending or receiving tokens.
Do not post promotions offering users tokens.

13

Be Polite

Do not engage in unacceptable behavior such as: intimidating, harassing, abusive, discriminatory, derogatory or demeaning speech or actions by any participant in our community online
This applies to our community's subreddit and in DM.

14

Beware Fake MetaMask Websites. ONLY Official MetaMask: https://metamask.io/

The only official MetaMask website is: https://metamask.io/

Bookmark it on your browser.

Scammers use similar-looking letters and clone our website to install money stealing software on your computer.

This software can be:

a fake MetaMask that steals funds.
key loggers that looks out for seed phrases.
Forms that ask for seed phrase (secret recovery phrase).

15

Report Scammers who DM to reddit.com/report

If you get DM from a scammer: report them to reddit.com/report

Choose "I want to report other issues" > "This content is impersonation".

Add the scammer's handle.

In text box state: "Scamming, using phishing techniques to trick users into giving sensitive information.

They DM users and pretend to be part of r/MetaMask.Please have site-wide ban"

Together, we can help keep our community safe.

User Guide

User Guide: Secret Recovery Phrases, Password, and Private Keys

User Guide: Token Safety Practices

User Guide: Gas Fee Overview

User Guide: Estimating Gas Fees

User Guide: NFTs

User Guide: Custom Networks

User Guide: Dapps

User Guide: Tokens

User Guide: How to recover a Secret Recovery Phrase

User Guide: Blockchain Basics

User Guide: Adding Custom Tokens to MetaMask

User Guide: Received email from MetaMask? Beware of this scam tactic.

MetaMask Must-Knows

0. Do you think your wallet has been hacked?

Submit a ticket to our support team at https://support.metamask.io/ and click Start a Conversation. A live chat box window will then automatically appear on your screen where you may contact the support team. MetaMask support WILL NEVER ask you to verify your Secret Recovery Phrase.

Here is some additional information from our Knowledge Base that may help you.

1. Want to report a bug, security vulnerability, ask for a feature request? Reach out here.

2. Transactions on blockchains are irreversible, so they cannot be undone. DO NOT share your secret recovery phrase or private keys with anyone. Check out this from our Knowledge Base.

3. Hardware wallets help you stay safe and provide better security than 2FA. Check here to understand why MetaMask doesn't have 2fa.

Check Here to learn how to link your MetaMask to a hardware wallet.

4. MetaMask will not be able to reset your Secret Recovery Phrase.

5. You can generate all your accounts in your MetaMask wallet with your Secret Recovery Phrase. Have a look Here.

6. Be careful of every smart contract you approve or give permissions to with your MetaMask wallet. Just because they exist doesn't mean they are a good deal. Have a read Here.

7. MetaMask does not have control of gas fees. Gas fees are what secure the decentralized network by incentivizing computers to process transactions. Gas fees are determined by the total demand on the network. Just like gas, if demand goes up, prices go up. Learn more here and here.

8. MetaMask will never initiate sending you an email. Learn more here.

Safety Guide

Rule #0: If you have to ask, its probably a scam.

Check https://metamask.io/'s website to verify the information.

Rule #1: Secure your assets

Stay safe! See our security suggestions to keep your assets safe. Make sure to reassess your security setup as your assets change value.

Basic Security Tips.

Connecting Hardware wallets.

Rule #2: Never share your secret recovery phrase or private keys.

Never share your secrets in anyone.
Never enter your secrets into any website online.

Rule #3: NEVER ENGAGE with ANY Direct Messages.

MetaMask Support will never direct message to help you.
Never respond to direct messages from someone offering to help. These are scammers.

Rule #4: NEVER click on websites sent via Direct Messages.

Never interact with any website given to you via direct messages.
You can be scammed even if you do not share your secret recovery phrase.
There is no need to "synch" or "validate" your wallet. This is a scam.
NEVER click on any websites with "walletconnect". These are scams.

Rule #5: Report Scammers

Report to reddit.com/r/report:

Anyone impersonating MetaMask Support via direct message.
Anyone offering to help via direct message.

Rule #5: Only use official help support.metamask.io

The ONLY official MetaMask help is support.metamask.io

Rule #6: Turn off your DMs to avoid scammers on Reddit.

Go your user settings and select nobody on both settings. 

Rule #of 7: Beware fake websites

Official: https://metamask.io/

Rule #8: Do not join

Discord servers
Telegram channels
WhatsApp groups
WeChat groups
Facebook groups
Facebook Messenger
Instagram

Rule #9: There are NO token drops planned.

There are NO governance tokens planned.
There are NO NFT drops planned.
We will NEVER do a stealth drop.

Rule #10: For your safety and security, we suggest you avoid sharing any personal identifying information such as your name, e-mail address, and wallet address. Sharing this information can cause you to be more vulnerable to scammers trying to target you, by knowing your contact information and connecting your personal identity to your wallet address.

Use an anonymous username, password, and profile picture that you don't use anywhere else. You're less likely to have your identity associated with other online platforms you use.
Describe your issue but we suggest to avoid sharing your wallet address or transaction ID. This will help keep your wallet separate from your personal identity.
Protect your devices! Install, maintain, and update an anti-virus software.

MetaMask does not support any of these. These are all scams.

Block Explorers

Need to check the assets in your address? Use the appropriate Block Explorer for your network.

Block Explorer allows you to see the assets of any account. They are helpful when you think your assets are not in your Metamask wallet.

Ethereum - EtherScan

Polygon - PolygonScan

Avalanche - AvaScan

Harmony One - Harmony.one Explorer

Check out more here.