This video is an explanation of a clickjacking bug in MetaMask that allowed an attacker to steal a victim's Ethereum with a few clicks. MetaMask paid a $120,000 bug bounty for it.
PoC code: https://bbre.dev/mm-poc
00:47 What is MetaMask and how does it work?
02:07 What are Web Accessible Resources?
04:11 Clickjacking – what is the impact of iframing a website?
06:00 Proof of Concept
07:20 How to prevent clickjacking?