The SlowMist security firm has issued an important warning about a new MetaMask phishing attack, in which fake messages claiming to be from the MetaMask team are sent to users to trick them into handing over their wallet recovery phrases through a variety of methods, including fake two-factor authentication (2FA) pages.
The Evolution of the MetaMask Fraud Structure
The SlowMist security team has identified and issued a warning about a highly effective MetaMask phishing attack created to drain users’ funds. The attack relies on convincing “MetaMask” phishing sites that closely resemble real MetaMask 2FA verification screens and security alert messages.
The phishing sites lure users in through links sent via email or social media platforms, presented as a fake security alert. One of the most important aspects of this MetaMask phishing attack is the display of a countdown timer, which creates a false sense of urgency and leads users to act fast without fully investigating what they are being asked to provide.

The Last Step of the Phishing Attack is Your Secret Recovery Phrase
The last part of the MetaMask phishing attack is where the attacker takes the victim’s assets. After walking the user through the fake two-factor authentication process, the phishing page tells the victim to enter their 12- or 24-word recovery phrase in order to “verify” or “secure” the wallet. Once it is entered, the attacker has total control over the victim’s wallet and the assets in it. SlowMist warns that MetaMask will never ask for a user’s recovery phrase under any circumstances.

A Serious Threat Requiring Constant Attention
The MetaMask phishing attack is an example of how much of the risk in crypto sits at the user level. As technical security continues to improve, attackers increasingly rely on psychological manipulation instead.
The best protection is user education: confirm the legitimacy of every communication, do not click on unexpected links, and never enter your recovery phrase on any website. Treat your recovery phrase with the same secrecy you would your bank account PIN.
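The advice above (confirm the legitimacy of every link, never type a recovery phrase into a website) can be turned into a defender-side triage check for an email gateway or a user-facing warning. The following is an added example, not SlowMist’s or MetaMask’s own tooling; it assumes that metamask.io is MetaMask’s official domain, and every URL and page snippet in it is constructed for illustration. It goes slightly beyond the article by also catching typosquats and homoglyph lookalikes of the domain, not just the fake-2FA wording.

```python
"""Triage a link (and, optionally, the text of the page it points to) the way
the article's advice suggests: only the real domain is 'official', any
imitation of it is a lookalike, and a page asking for a recovery phrase is
disqualifying no matter where it is hosted."""
from urllib.parse import urlparse

OFFICIAL_DOMAIN = "metamask.io"        # assumption: MetaMask's real domain, not stated in the article
BRAND = OFFICIAL_DOMAIN.split(".")[0]  # "metamask"

# Small illustrative table of characters attackers substitute for letters.
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s", "7": "t"})

# Wording that no legitimate wallet support flow uses.
SECRET_CUES = ("recovery phrase", "seed phrase", "secret phrase", "private key", "keystore")
# Wording typical of the countdown / pressure tactic described in the article.
URGENCY_CUES = ("countdown", "expires in", "within 24 hours", "immediately", "will be suspended")


def normalize(label: str) -> str:
    """Fold common look-alike tricks (rn -> m, vv -> w, digits standing in for letters)."""
    label = label.lower().translate(HOMOGLYPHS)
    return label.replace("rn", "m").replace("vv", "w")


def edit_distance(a: str, b: str) -> int:
    """Plain Levenshtein distance, used to catch one- or two-character typosquats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_host(hostname: str) -> str:
    """'official' only for the real domain or a subdomain of it; 'lookalike' when the
    brand appears anywhere else in the name or the registrable label is a near miss;
    otherwise 'unrelated'."""
    host = hostname.lower().rstrip(".")
    if host == OFFICIAL_DOMAIN or host.endswith("." + OFFICIAL_DOMAIN):
        return "official"
    labels = host.split(".")
    # Assumption: a two-label registrable suffix (no .co.uk-style public suffixes).
    registrable_label = labels[-2] if len(labels) >= 2 else labels[0]
    if BRAND in normalize(host):
        return "lookalike"   # metamask-verify.com, metamask.io.secure-login.net, rnetamask.io
    if edit_distance(normalize(registrable_label), BRAND) <= 2:
        return "lookalike"   # metmask.io, metamsk.io
    return "unrelated"


def triage_link(url: str, page_text: str = "") -> dict:
    """Combine the host verdict with content cues into one verdict: allow, review or block."""
    parsed = urlparse(url)
    if parsed.scheme not in ("http", "https") or not parsed.hostname:
        return {"host": "invalid", "verdict": "block", "reasons": ["non-web or malformed link"]}
    host_verdict = classify_host(parsed.hostname)
    text = page_text.lower()
    reasons = []
    if host_verdict == "lookalike":
        reasons.append(f"host {parsed.hostname} imitates {OFFICIAL_DOMAIN}")
    if parsed.username or parsed.password:
        reasons.append("credentials embedded in URL (user@host trick)")
    secret_hits = [cue for cue in SECRET_CUES if cue in text]
    if secret_hits:
        reasons.append("page asks for " + ", ".join(secret_hits))
    if any(cue in text for cue in URGENCY_CUES):
        reasons.append("artificial urgency / countdown")
    # A request for the recovery phrase is disqualifying regardless of the host.
    if secret_hits or host_verdict == "lookalike":
        verdict = "block"
    elif host_verdict == "official":
        verdict = "allow"
    else:
        verdict = "review"
    return {"host": host_verdict, "verdict": verdict, "reasons": reasons}


# Constructed samples: a fake 2FA page in the style the article describes, and the real site.
SAMPLE_PHISH_URL = "https://metamask-verify-2fa.com/security/alert"
SAMPLE_PHISH_TEXT = ("Security alert: unusual activity detected. Complete 2FA verification "
                     "within 24 hours. Enter your 12 or 24 word secret recovery phrase to secure your wallet.")
SAMPLE_REAL_URL = "https://app.metamask.io/"

if __name__ == "__main__":
    for sample_url, sample_text in ((SAMPLE_PHISH_URL, SAMPLE_PHISH_TEXT), (SAMPLE_REAL_URL, "")):
        print(sample_url, "->", triage_link(sample_url, sample_text))
```

The host check deliberately treats anything that merely contains the brand name (for example metamask.io.secure-login.net) as a lookalike rather than official, because only a suffix match on the registered domain proves ownership; the content check is what catches a fake 2FA page even when it is hosted on an unrelated, freshly registered domain.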
FAQs
How does this MetaMask phishing attack work?
Attackers send emails or messages with links to fake websites that look identical to MetaMask security pages. These sites show fake warnings and a two-factor authentication (2FA) verification process with a countdown timer, eventually asking for your secret recovery phrase to “complete verification.”
What should I do if I receive a suspicious MetaMask email?
Do not click any links. MetaMask has stated it does not initiate unsolicited email contact with users. If you are concerned about your account, navigate directly to the official MetaMask website or open your extension/app independently, never through a link in an email.
Will MetaMask ever ask for my secret recovery phrase?
No, never. MetaMask, or any legitimate support team, will never ask for your secret recovery phrase, private keys, or keystore file. Anyone requesting this information is attempting to scam you.