MetaMask is a Chrome extension by https://metamask.io. It has 10,000,000+ weekly active users and an average rating of 3.38. MetaMask is similar to Binance Wallet and Ethereum Gas Price Extension. The latest version is 10.19.0 and was updated 3 days ago. MetaMask is available in English and 45 other languages. Within Chrome Web Store, its overall ranking is #24.
MetaMask is an extension for accessing Ethereum enabled distributed applications, or "Dapps" in your browser!
MetaMask also lets the user create and manage their own identities (via private keys, local client wallet and hardware wallets like Trezor™), so when a Dapp wants to perform a transaction and write to the blockchain, the user gets a secure interface to review the transaction, before approving or rejecting it.
MetaMask requires a lot of risky permissions. Exercise caution when installing this extension.
Review carefully before installing. We recommend that you only install
if you trust the publisher.
Risk impact measures the level of extra permissions an extension has access to. A low risk impact
extension cannot do much harms, whereas a high risk impact extension can do a lot of damage like
stealing your password, bypass your security settings, and access your personal data. High risk
impact extensions are not necessarily malicious. However, if they do turn
malicious, they can be very harmful.
MetaMask is well trusted and should be safe to install.
Risk likelihood measures the probability that a Chrome extension may turn malicious.
This is determined by the publisher and the Chrome extension reputation on Chrome Web Store,
the amount of time the Chrome extension has been around, and other signals about the
Chrome extension. Our algorithms are not perfect, and are subject to change as we
discover new ways to detect malicious extensions. We recommend that you always exercise caution
when installing a Chrome extension, especially ones with higher risk impact and/or
higher risk likelihood.
Metamask is certainly quirky to those who haven't a clue about how to interface with the blockchain, I don't care what their credentials are it is strange but once you get the hang of blockchain and understand it a bit its actually very straightforward to use.
There may or may not be an issue with metamask regarding security, but by and large the issues most are probably having around security is likely of their own doing much of the time. I'm just giving general advice here..... there's no hand holding with the blockchain, you are responsible for any money in your wallet. Nobody will get you out of jail if you get an issue; blockchain transactions are one way and cannot be undone.
For a lot of people that are blaming metamask for losing their coins, I'm sorry to break it to you but you've very likely been the subject of a phishing scam and been fooled into transacting with a malicious smart contract that looks to be on a legit site/service or something that may look like metamask but is not and theres not much way anyone can do to predict what site will and won't do this.
Unfortunately one has to exercise extreme caution with what they interact with, it is not hard to produce a website that pulls up a fake metamask popup. Don't just trust everything that wants access to your wallet, do your homework, its very easy to get caught out, very very easy actually. Community is everything in this domain, look there to know what is and isn't trustworthy. Even then you aren't 100% protected, there are many projects that start out with good and genuine intentions (and a great deal that don't) only for the founders to do a rug pull due to changing circumstances / change of heart or show their true colors, or some other reason. This is not metamasks fault.
NEVER ever type your seed phrase anywhere, never share your private key, if you do you're a moron, sorry but it has to be said.
Further to this DO NOT just leave any site or service have permanent access to your wallet on any device remove access after you are done with them. I know this is a pain but its the best way to protect yourself, you do not know if and when that service gets compromised. If you granted access to Site A across devices A and B then you have to remove access to your metamask wallet on both devices.
Finallly: USE A HARDWARE WALLET
Finally (no really): Read this https://wiki.rugdoc.io/docs/how-to-revoke-permissions/ particularly the section "revoking permissions" it will explain why some of you have lost your money without a known transaction.