Malicious Bitcoin Ordinals PDF Attempted To Steal MetaMask Mnemonics

CryptoMode Bitcoin Ordinals PDF MetaMask

The advent of Ordinals and Bitcoin inscriptions continues to divide the community. It can be invaluable to create an immutable on-chain representation of images, music, video, or PDFs. However, that may also lead to dubious developments and files with malicious code. 

There is a growing community that supports Ordinals and Bitcoin inscriptions. Only some see the benefit of embedding files on-chain, though. Concerns over mounting transaction fees have been proven wrong, for now, but that doesn’t mean things won’t change. In addition, taking up “precious witness space” with NFTs may not necessarily be the best outcome. 

That said, inscriptions bring more attention to the Bitcoin network. They highlight the potential of the world’s most secure blockchain. It is also the leading immutable chain, as Ethereum suffered a rollback several years ago due to the DAO’s hack. In addition, the Ethereum network – and virtually every other blockchain – doesn’t store NFTs on-chain. 

Blockchain Image

In the age of centralized file storage, having on-chain files can be a solid alternative. No one controls the Bitcoin network, and data can be accessed relatively easily. Unfortunately, that also creates new opportunities for malicious actors. Ordinal PDFs are coming, although not every bit of information should be put on the blockchain. 

A recent Twitter thread shows the potential outcome of that approach. Someone embedded a PDF for a Whirlpool dishwasher on the blockchain. Whether this was as a joke or due to malicious intent will always remain a question. However, the PDF contains some curious code that has experts concerned.

There is no reason a PDF should execute any code when the user opens it. In addition, the code snippets indicate the PDF could be designed to drain a user’s wallet. Furthermore, it deliberately targets MetaMask users and tries to acquire their mnemonic seed. 

Thankfully, the Ordinals team took the matter seriously and ensured the PDF was taken down. In addition, they looked for other files, and their message seems to confirm other malicious files were minted as inscriptions on Bitcoin. However, it is unclear what they did exactly and whether such events will occur again. 

Malicious NFTs and inscriptions will be par for the course. They occur on Ethereum and Solana during the initial stages, although they’ve become far less common these days. It is a “growing pain”, but an issue worth keeping tabs on. 

None of the information on this website is investment or financial advice and does not necessarily reflect the views of CryptoMode or the author. CryptoMode is not responsible for any financial losses sustained by acting on information provided on this website by its authors or clients. Always conduct your research before making financial commitments, especially with third-party reviews, presales, and other opportunities.