
MetaMask Warns of AI-Driven Crypto Attacks as Malware Hits 850 Browser Extensions

MetaMask published an extensive threat report documenting a new generation of AI-automated attacks against crypto users, including fake Google security pages, malware targeting 850 browser extensions, and AI agents autonomously generating exploits against DeFi wallets.

News Desk, Apr 14, 2026. Reviewed by our editorial team.

MetaMask has published a comprehensive threat intelligence report documenting a new generation of AI-driven attacks targeting cryptocurrency users, describing an attack landscape that has grown significantly more sophisticated than the social engineering and phishing campaigns that dominated previous years. The report identifies AI automation as the defining characteristic of the current threat environment, with attackers using large language models to scale reconnaissance, generate targeted phishing content, and, in the most alarming documented cases, autonomously develop and deploy exploits against DeFi wallet infrastructure.

The Scale of Browser Extension Attacks

One of the most striking findings in the MetaMask report concerns the breadth of the browser extension attack surface. Security researchers working with MetaMask compiled 334 unique malware samples in a three-month period, finding that attack code had been distributed across 850 browser extensions spanning 33 distinct browser variants. The scope of the campaign suggests a level of automation in malware packaging and distribution that goes well beyond what manual threat actor operations could achieve.

Browser extensions hold an unusually privileged position in the crypto security threat model: they can read and modify web page content, intercept network requests, and in many cases access clipboard data where private keys and seed phrases are copied. Compromised extensions can silently alter transaction destination addresses displayed to users before they submit to MetaMask, redirecting funds without triggering any wallet-level security warning.
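The three capabilities named above (page content access, network interception, clipboard access) are declared in each extension's manifest.json, so they can be checked before an extension is trusted. The script below is an added example, not code from the MetaMask report; the sample manifests and the `audit_manifest` helper are constructed for illustration.

```python
import json

# Host patterns that grant access to every site, wallet dapps included.
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}
# Extension API permissions mapped to the capabilities the article lists.
RISKY_APIS = {
    "webRequest": "observe network requests",
    "webRequestBlocking": "block or modify network requests",
    "declarativeNetRequest": "block or redirect network requests",
    "scripting": "inject scripts into pages",
    "clipboardRead": "read the clipboard",
}

def audit_manifest(manifest_json):
    """Return sorted findings for the text of one manifest.json (MV2 or MV3)."""
    manifest = json.loads(manifest_json)
    findings = set()
    # MV2 mixes host patterns into "permissions"; MV3 moves them to "host_permissions".
    declared = (manifest.get("permissions", [])
                + manifest.get("optional_permissions", [])
                + manifest.get("host_permissions", []))
    for entry in declared:
        if not isinstance(entry, str):
            continue  # ignore non-string entries rather than crash on them
        if entry in RISKY_APIS:
            findings.add(f"permission {entry}: can {RISKY_APIS[entry]}")
        elif entry in BROAD_HOSTS:
            findings.add(f"host access {entry}: applies to every site")
    for script in manifest.get("content_scripts", []):
        if BROAD_HOSTS & set(script.get("matches", [])):
            findings.add("content script: runs in, and can rewrite, every page")
    return sorted(findings)

# Constructed sample manifests, not taken from any real extension.
BROAD_SAMPLE = """{
  "manifest_version": 3, "name": "Constructed Coupon Helper",
  "permissions": ["storage", "clipboardRead", "webRequest"],
  "host_permissions": ["<all_urls>"],
  "content_scripts": [{"matches": ["<all_urls>"], "js": ["content.js"]}]
}"""
NARROW_SAMPLE = """{
  "manifest_version": 3, "name": "Constructed Note Taker",
  "permissions": ["storage", "activeTab"]
}"""

if __name__ == "__main__":
    for sample in (BROAD_SAMPLE, NARROW_SAMPLE):
        print(json.loads(sample)["name"], audit_manifest(sample))
```

A finding is not proof of malice, since many legitimate extensions request broad access; it marks which extensions could tamper with a wallet session if they were compromised.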

AI Agents as Both Threat and Defense

The MetaMask report described documented cases of AI agents autonomously draining $4.6 million from test DeFi contracts in a controlled research environment and discovering two novel zero-day vulnerabilities without human guidance. These findings were not hypothetical — they reflected capabilities that security researchers have observed being developed and deployed in adversarial contexts, separate from any particular MetaMask product.

In a striking juxtaposition, MetaMask simultaneously announced a partnership with CoinFello to develop hardware-isolated key management for AI agents that are being given delegated wallet permissions for autonomous DeFi transactions. The dual announcement — documenting AI as a threat vector while simultaneously building infrastructure for AI-controlled wallets — reflects the profound tension at the center of the crypto AI debate: the same autonomous capabilities that make AI agents useful for automated DeFi strategies also make them high-value targets for exploitation.

Recommendations for DeFi Users

MetaMask's advisory recommended that users regularly audit installed browser extensions and remove any that are not actively needed, use dedicated browsers for DeFi activity with a minimal extension footprint, and enable transaction simulation features that preview the expected on-chain outcome before signing. The report also strongly recommended against permitting blind signing for any DeFi interaction — a practice in which wallets display raw hexadecimal transaction data rather than human-readable summaries of what the transaction will actually do on-chain.
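To show what blind signing hides, the added example below (not code from MetaMask or its report) decodes raw hexadecimal calldata into the kind of human-readable summary a wallet should display. It assumes the standard ERC-20 and ERC-721 function selectors; the calldata samples and addresses are constructed placeholders.

```python
# 4-byte selectors of common token calls (standard ERC-20 / ERC-721 ABI).
SELECTORS = {
    "a9059cbb": ("transfer", ("address", "uint256")),
    "095ea7b3": ("approve", ("address", "uint256")),
    "23b872dd": ("transferFrom", ("address", "address", "uint256")),
    "a22cb465": ("setApprovalForAll", ("address", "bool")),
}
MAX_UINT256 = 2**256 - 1

def summarise_calldata(data_hex):
    """Turn raw calldata into a one-line summary, or say why it cannot be."""
    raw = bytes.fromhex(data_hex[2:] if data_hex.startswith("0x") else data_hex)
    selector, body = raw[:4].hex(), raw[4:]
    if selector not in SELECTORS:
        return f"unknown selector 0x{selector}: signing this would be blind"
    name, types = SELECTORS[selector]
    if len(body) != 32 * len(types):
        return f"malformed {name}: expected {32 * len(types)} argument bytes, got {len(body)}"
    args = []
    for i, kind in enumerate(types):
        word = body[32 * i:32 * (i + 1)]
        value = int.from_bytes(word, "big")
        if kind == "address":
            if any(word[:12]):  # upper 12 bytes must be zero padding
                return f"malformed {name}: address argument {i} has non-zero padding"
            args.append("0x" + word[12:].hex())
        elif kind == "bool":
            args.append("true" if value else "false")
        else:  # uint256 in raw token units; decimals are not applied here
            args.append("UNLIMITED" if value == MAX_UINT256 else str(value))
    summary = f"{name}({', '.join(args)})"
    if (name, args[-1]) in {("approve", "UNLIMITED"), ("setApprovalForAll", "true")}:
        summary += " [grants standing spend rights]"
    return summary

# Constructed calldata; the addresses are placeholders, not real accounts.
APPROVE_MAX = "0x095ea7b3" + "00" * 12 + "11" * 20 + "ff" * 32
TRANSFER_1000 = "0xa9059cbb" + "00" * 12 + "22" * 20 + (1000).to_bytes(32, "big").hex()
UNKNOWN_CALL = "0xdeadbeef" + "00" * 32

if __name__ == "__main__":
    for sample in (APPROVE_MAX, TRANSFER_1000, UNKNOWN_CALL):
        print(summarise_calldata(sample))
```

The unknown-selector branch is the blind-signing case: the wallet has nothing readable to show, so the user would be approving bytes they cannot interpret.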

The broader message from the MetaMask threat intelligence team was sobering: the AI-driven commoditization of attack tooling means that capabilities previously available only to sophisticated threat actors with significant resources are now accessible to a much wider range of attackers operating at much lower cost. The defensive infrastructure for DeFi users — hardware wallets, transaction simulation, extension hygiene — has not yet evolved at the same pace as the offensive tooling arrayed against them.
