MetaMask

software wallet
Operational

MetaMask is a non-custodial EVM wallet by ConsenSys, first released in 2016. No financial licence held; the SEC charged ConsenSys in 2024 over MetaMask Staking.

Platform Information

Founded

2016

Headquarters

San Francisco, United States

Open Source

Yes

Two-Factor Authentication

No

Custodial

No

Platforms Supported

Chrome, Firefox, Brave, Edge, iOS, Android

Supported Chains

Ethereum, Polygon, Avalanche, Arbitrum, Optimism, Base, BNB Chain

non-custodial, browser-extension, evm, open-source, self-custody

About MetaMask

MetaMask is a non-custodial software wallet developed by ConsenSys, first released in 2016 and headquartered in San Francisco, United States. It is among the most widely installed browser extensions and mobile apps for Ethereum and EVM-compatible networks, with over 100 million reported installations. In 2025, native chain support was extended to Solana (July) and Bitcoin (December).

Security

  • Non-custodial model: Private keys and seed phrases are stored locally on the user's device. MetaMask's servers never hold or have access to them.
  • Open source: The full codebase is publicly available on GitHub. MetaMask applies LavaMoat, a supply chain security tool, to reduce the risk of dependency-based attacks.
  • Phishing and transaction protection: Blockaid integration surfaces warnings for known phishing domains and flags suspicious transaction requests before the user confirms.
  • Bug bounty: A public programme is operated via HackerOne.
  • Hardware wallet support: Compatible with Ledger and Trezor devices, allowing private keys to stay on the hardware wallet while using MetaMask's interface.
  • No built-in 2FA: MetaMask does not provide two-factor authentication for wallet access. Seed phrase management and device security are the main protective controls.

Regulation

  • MetaMask is non-custodial software and holds no financial services licence with the FCA, FinCEN, MAS, or equivalent regulators.
  • In June 2024, the U.S. Securities and Exchange Commission charged ConsenSys Software Inc. — MetaMask's developer — with conducting unregistered offers and sales of securities through MetaMask Staking, and with operating as an unregistered broker through MetaMask Staking and MetaMask Swaps. The case was ongoing as of early 2026.
  • MetaMask restricts access for users in jurisdictions subject to U.S. and international sanctions.

Incident History

  • April 2023: A third-party customer support provider used by ConsenSys was breached. Approximately 7,000 MetaMask users who had submitted support tickets had email addresses exposed. No private keys or seed phrases were accessed.
  • MetaMask's core wallet infrastructure has not been directly breached. User-level compromises are typically attributed to phishing sites, malicious browser extensions, or exposed seed phrases, rather than vulnerabilities in the wallet software itself.

Availability

MetaMask is available globally but restricts access in jurisdictions subject to international sanctions. A debit card feature introduced in December 2025 is limited to select markets including the EU, UK, Canada, Brazil, Mexico, Argentina, and Colombia.

Security & Score

65

Platform Safety Score

65/100 (Fair)

Based on incident history, security features, and track record

Security Features

  • open-source code (LavaMoat supply chain protection)
  • phishing site alerts
  • transaction security alerts (Blockaid)
  • bug bounty via HackerOne
  • live threat surveillance
  • hardware wallet integration (Ledger, Trezor)

Incident History

No incidents recorded for this platform.
