Fake '2FA Security Check' Targets MetaMask Wallets in Phishing Scam

Key Highlights

A brand new MetaMask phishing rip-off tips customers with pretend 2FA screens, aiming to steal seed phrases and drain wallets immediately.
Crypto phishing and social engineering stay high threats—scammers impersonate wallets, exchanges, or help to steal funds.
Bodily assaults like wrench scams are rising; utilizing {hardware} wallets, multisig accounts, and safeguarding keys is crucial.

Crypto customers are below assault from a brand new MetaMask phishing rip-off concentrating on pockets seed phrases. In keeping with SlowMist’s Chief Safety Officer (CSO) im23pds, scammers are copying MetaMask safety alerts to trick customers into pretend two-factor authentication (2FA) steps.

The rip-off begins with a cast safety warning and ends with prompting victims to enter their pockets restoration phrases. The hackers’ purpose is straightforward: drain wallets immediately and depart customers with no recourse.

The phishing sample includes plenty of steps. Customers are launched to a pretend safety alert web page that appears like MetaMask. Later, a pretend 2FA web page is displayed. Most often, a timer is used alongside. Customers are requested to offer seed phrases. They’re instructed this can safe their accounts.

As soon as customers submit the phrases, attackers acquire full entry, emptying the wallets in seconds. Social media posts have flagged the hazard. An X person, SECUR3, reported a sufferer dropping $50,000 in simply 10 seconds after clicking a pretend “MetaMask pressing replace” hyperlink.

Phishing assaults on crypto platforms

Phishing assaults are the main supply of crypto losses. Within the view of SECUR3, scammers fake to symbolize a crypto pockets, change, or challenge so as to dupe victims into handing over their personal keys. The rip-off could contain a deceptive airdrop URL in a direct message or near-perfect rip-off web sites.

For example, scammers could develop websites akin to “metamask-io[.]com” to resemble official websites. SECUR3 identified, “Enter seed phrase to repair/sync/declare” is at all times a rip-off. No legit pockets will ask for such info.

Moreover digital phishing, social engineering assaults have additionally surged. In a current analysis, on-chain sleuth ZachXBT identified a Canadian threat actor impersonating Coinbase help. Over the previous 12 months, this rip-off reportedly stole greater than $2 million. Attackers used telephone calls and pretend conversations to influence victims to approve unauthorized transactions.

In the same sort of assault, in July 2023, Yazan described a rip-off wherein X customers misplaced $70,000 to the imitation accounts of MetaMask bots. These examples show the should be cautious on-line.

This particular person misplaced $70,000+ in property by falling for the commonest rip-off on Twitter, the “metamask” bot replies.

Sufferer’s deal with: 0xC49Bf760733fbcd7361EA179466bC67dc1100325

Drainer wallets: 0x14ab5e35cda0e8859730c6fde4f9617138621915
0xdcba8ed3ffd68e3425f3948c5e4da3c72b84ebe6… pic.twitter.com/uouLEG1PXN

— Yazan 🇵🇸 (@YazanXBT) July 15, 2023

Bodily threats and wrench assaults

These risks lengthen nicely previous internet scams. Wrench assaults, whereby robbers bodily intimidate individuals to steal their crypto, have began to extend throughout Europe, Asia, in addition to the U.S. An instance is the current November 2025 assault on a citizen of San Francisco, the place the thief masqueraded as a supply driver to steal Ethereum price $11 million.

Duct tape, assault, and loudspeaker intimidation had been the strategies that the prison resorted to for entry to the wallets. Two months in the past, two brothers from Texas had been additionally charged by the federal authorities with kidnapping and stealing $8 million of cryptocurrency.