Phishing Scam Targets MetaMask Users with Fake 2FA Alerts to Steal Seed Phrases

2 days ago

Phishing Scam Targeting MetaMask Wallet Holders

MetaMask wallet holders are facing a sophisticated phishing scam that masquerades as a security enhancement through Two-Factor Authentication (2FA) verification. This alert comes from the blockchain security firm SlowMist, which has identified a wave of fraudulent emails being sent to unsuspecting users. These messages, designed to look like they are from MetaMask, create an artificial sense of urgency, encouraging individuals to activate 2FA to protect their accounts.

How the Scam Works

The phishing emails are crafted to mimic official MetaMask communication and include a countdown timer to intensify the urgency. This tactic lures users into thinking they need to act quickly, but clicking the provided “Enable 2FA Now” button directs them to a counterfeit web page controlled by the malicious actors. Once there, the primary objective of the scammers is to extract the users’ mnemonic seed phrases—keys that can grant them full access to digital wallets and their contents.

Identifying the Scam

Although the design may initially seem believable, there are telltale signs that can help users identify the scam. Phishing emails typically include minor typographical errors or graphical discrepancies. A key giveaway in this case was a misspelled URL, “mertamask,” which is an obvious deviation from the legitimate “metamask.” Furthermore, the origins of these emails often point to unassociated addresses or public email domains like Gmail.
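The two indicators described above, a near-miss brand spelling in the link and a sender on a public mail domain, can be checked automatically during mail triage. The following Python sketch is an added example, not code from SlowMist or MetaMask; it assumes `metamask.io` is the legitimate domain, uses a short illustrative list of public mail providers, and runs on constructed sample values.

```python
from urllib.parse import urlsplit

BRAND = "metamask"                 # brand name taken from the article
OFFICIAL = {"metamask.io"}         # assumption: the legitimate domain
PUBLIC_MAIL = {"gmail.com", "outlook.com", "yahoo.com"}  # illustrative list

def edit_distance(a, b):
    """Levenshtein distance between two strings (row-by-row DP)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # deletion
                           cur[j - 1] + 1,              # insertion
                           prev[j - 1] + (ca != cb)))   # substitution
        prev = cur
    return prev[-1]

def brand_abuse(host):
    """Classify a hostname that imitates BRAND outside the official domain."""
    host = host.lower().rstrip(".")
    if host in OFFICIAL or any(host.endswith("." + d) for d in OFFICIAL):
        return None
    # Compare every dot- or hyphen-separated token against the brand name.
    for token in host.replace("-", ".").split("."):
        d = edit_distance(token, BRAND)
        if d == 0:
            return "exact-brand-off-domain"
        if d <= 2:
            return "lookalike"      # e.g. "mertamask" is one insertion away
    return None

def triage(sender, link):
    """Return the list of phishing indicators found in one message."""
    findings = []
    sender_domain = sender.rsplit("@", 1)[-1].lower()
    if sender_domain in PUBLIC_MAIL:
        findings.append("sender on public mail domain")
    elif sender_domain not in OFFICIAL:
        findings.append("sender domain not official")
    hit = brand_abuse(urlsplit(link).hostname or "")
    if hit:
        findings.append("link host: " + hit)
    return findings

if __name__ == "__main__":
    # Constructed sample message fields (not real indicators).
    print(triage("security-alerts@gmail.com", "https://mertamask.example/enable-2fa"))
    print(triage("noreply@metamask.io", "https://metamask.io/"))
```

A distance threshold of 2 catches single-character insertions and swaps while leaving unrelated tokens such as `example` untouched; tune it and the allow-list for the brands you protect.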

It’s crucial for users to be aware that MetaMask does not initiate unsolicited requests for account verification or security updates via email. Such prompts are invariably fraudulent. Recently, cybersecurity analyst Vladimir S. highlighted a similar threat involving a fake update for the MetaMask app, which is part of a broader scheme involving wallet theft.

Impact of the Scam

Analyst ZachXBT revealed that this recent series of scams resulted in losses averaging under $2,000 per affected wallet, impacting a multitude of users across various Ethereum Virtual Machine (EVM) compatible networks. However, it remains unverified whether this phishing wave is directly linked to an earlier incident that compromised Trust Wallet, leading to reported losses of around $7 million on Christmas Day, when a malicious extension was uploaded to the Chrome Web Store. Trust Wallet has pledged to reimburse all users who were affected by this breach.

Ongoing Threats in Cryptocurrency

In addition, Cardano community members have been cautioned about a separate phishing attempt related to a bogus Eternl Desktop application, which underscores the continuing threat landscape in cryptocurrency.

Despite these alarming developments over the past fortnight, a recent report from Scam Sniffer indicated a significant drop of approximately 88% in overall losses from crypto phishing schemes in 2025 compared to the previous year, suggesting that users are becoming more vigilant against these threats.
