Blockchain Security Firm Warns of New MetaMask Phishing Campaign


A cybersecurity firm has warned of a new phishing campaign targeting users of the popular crypto wallet MetaMask.

In a July 28 post written by Luis Lubeck, Halborn’s technical education specialist, the active phishing campaign used emails to target MetaMask users and trick them into giving out their passphrase.

The company analyzed scam emails it received in late July to alert users to the new scam. Halborn noted that at first glance, the email looks authentic with a MetaMask header and logo, and with messages telling users to comply with KYC regulations and how to verify their wallets.

ALSO READ  Only 50 profiles of the 7,000 Binance employees on LinkedIn are real, says CZ

However, Halborn also noted that there are several red flags in the message. Spelling errors and a fake sender email address were two of the most obvious. In addition, a fake domain called was used to send the phishing emails.

Phishing is a social engineering attack that uses targeted emails to trick victims into revealing more personal information or clicking links to malicious websites that attempt to steal crypto.

There was also no personalization in the message, the company noted, which is another warning sign. Hovering over the call-to-action button reveals the malicious link to a fake website that asks users to enter their seed phrases before redirecting to MetaMask to empty their crypto wallets.

ALSO READ  Squatting faces fine for Iran sanctions violations

Halborn, which raised $90 million in a Series A round in July, was founded in 2019 by ethical hackers who provide blockchain and cybersecurity services.

In June, Halborn researchers discovered a case where a user’s private keys could be found unencrypted on a disk in a compromised computer. MetaMask patched its extension versions 10.11.3 and later after the discovery.

However, at the time of writing, there had been no mention of the new email phishi threat on MetaMask’s Twitter feed.

ALSO READ  Metaverse housing bubble bursts? Virtual land prices crash by 85% due to declining interest

Related: Phishing Risks Escalate as Celsius Confirms Customer Emails Leaked

Last week, Celsius users were warned of a phishing threat after the leak of customer emails by an employee of a third-party vendor.

In late July, security researchers warned of a new strain of malware called Luca Stealer emerging in the wild. The information stealer is written in the Rust programming language and targets the web3 infrastructure such as crypto wallets. Similar malware called Mars Stealer was discovered in February targeting MetaMask wallets.