MetaMask - stealing ETH by exploiting clickjacking - $120,000 bug bounty

✉️ Sign up for the mailing list: https://bbre.dev/nl
📧 Subscribe to BBRE Premium: https://bbre.dev/premium
📣 Follow me on twitter: https://bbre.dev/tw

This video an explanation of a clickjacking bug in MetaMask that allowed the attacker to steal victim's Ethereum with a few clicks. Metamask paid $120,000 bug bounty for it to United Global Whitehat Security Team (UGWST), including René Kroka and José Almeida.

PoC code: https://bbre.dev/mm-poc
🖥 Get $100 in credits for Digital Ocean: https://bbre.dev/do


Timestamps:
00:00 Intro
00:47 What is …

bounty bug bug bounty clickjacking eth exploiting metamask stealing