This video is an explanation of a clickjacking bug in MetaMask that allowed an attacker to steal a victim's Ethereum with a few clicks. MetaMask paid a $120,000 bug bounty for it.

PoC code: https://bbre.dev/mm-poc

Timestamps:
00:00 Intro
00:47 What is MetaMask and how does it work?
02:07 What are Web Accessible Resources?
04:11 Clickjacking – what is the impact of iframing a website?
06:00 Proof of Concept
07:20 How to prevent clickjacking?
