How do security alerts work?
Does this article need to be translated?
Together, MetaMask and web3 security specialists Blockaid have developed a security alert system that provides warnings directly in your MetaMask wallet if a transaction is suspected as fraudulent.
The feature is currently available on the following networks:
- Ethereum
- BNB chain
- Polygon
- Arbitrum
- Optimism
- Avalanche
- Linea
- Base
- OpBNB
- ZkSync
- Metachain One
- Scroll
- Berachain
How to turn on security alerts
Security alerts are enabled by default in MetaMask Extension and Mobile; you're all set to to receive transaction security alerts for each transaction you're about to submit!
How to report a false positive
If you see a security alert on a site that you're sure is legitimate—not trying to defraud you—you can report it as a false positive. The Blockaid team can then review the data you send as part of the report, investigate the site and request, and make changes to their database if necessary.
To report a false positive, first click the 'See details' button to expand the alert, and then click 'Report an issue':
This will open a web page allowing you to submit details of the transaction that you were attempting. Click 'Continue' to proceed, and then you'll be taken to a form. Here you can:
- Use the text field to add any details you feel are relevant
- Expand the 'Details' dropdown to view the information about your transaction that will be submitted.
The 'Details' section is automatically populated with data from MetaMask, so you don't need to touch it.
Click 'Submit' to send the report.
How does it improve security?
Transaction simulation
When security alerts are turned on, transactions and signature requests are sent to a MetaMask server to check whether a transaction can result in you losing funds. Your request is not shared with any third party including Blockaid.
If this check returns a positive — i.e. you're likely to lose funds due to the interaction — you'll see a "This is a deceptive request" warning displayed on the transaction confirmation screen:
The security alerts do not prevent you from losing funds or interacting with fraudulent dapps. Even though a warning is displayed, you can still confirm the transaction if you choose to.
Simulating transactions also has the advantage of preventing funds loss if a usually reputable protocol is hacked. When balancer.fi was briefly compromised, for example, Blockaid simulations successfully identified and flagged transactions that would have caused funds loss, even though Balancer was a trusted source.
Maintaining a database of fraudulent dapps
As well as simulating transactions, the security system is updated frequently with the latest Blockaid data on fraudulent dapps. The simulation system is, therefore, complemented by warnings whenever you interact with a dapp that Blockaid's continual scanning has already identified as fraudulent.