ConsenSys

ConsenSys is a blockchain technology company known for developing software products and infrastructure for decentralized applications. Its flagship product, MetaMask, serves as a widely used cryptocurrency wallet enabling users to interact with the Ethereum blockchain and decentralized finance protocols. The company focuses on providing tools and platforms that facilitate blockchain adoption and usage across various sectors. ConsenSys operates globally, catering to individual users and enterprises seeking blockchain solutions. Its offerings are central to accessing and utilizing decentralized networks and applications built on Ethereum and compatible blockchains. MetaMask, in particular, functions as a browser extension and mobile application, acting as a gateway for users to manage digital assets and engage with Web3 services.

ConsenSys has experienced cybersecurity incidents impacting its MetaMask service, specifically involving unauthorized access to third-party customer support systems. In incidents occurring around August 2021 and February 2023, attackers compromised systems handling MetaMask user support tickets over extended periods. These breaches exposed personal information, primarily email addresses, of approximately 7,000 users globally per incident. The compromised data originated from customer-submitted support requests, potentially including free-text fields containing names, contact details, or financial information. ConsenSys confirmed the core MetaMask wallet infrastructure and applications themselves were not breached in these events. The company responded by terminating the unauthorized access, notifying relevant data protection authorities, conducting forensic investigations, and implementing enhanced third-party risk management protocols to mitigate future occurrences. These incidents highlight risks associated with supply chain vulnerabilities affecting user data processed through external support providers.