Users receive emails with a link to a fake website where they are prompted to enter a seed phrase to confirm their identity

Halborn warns of new phishing attack on MetaMask customers

01.08.2022 - 08:15


2 min

What’s new? Users of MetaMask, a decentralized crypto wallet, are under the threat of phishing attacks. Fake messages are sent out on behalf of the company, asking them to provide a seed phrase on a third-party website, supposedly to confirm that the wallet belongs to the owner. The scammers then gain access to the victims’ accounts, reported representatives of Halborn, a blockchain security company.

News on the Halborn website

A seed phrase is a key secret phrase needed to regain access to a cryptocurrency wallet. It is usually generated automatically when creating a wallet and contains 12, 18, or 24 words.

How does the attack work? Halborn’s technical education specialist Luis Lubeck reported that users receive emails with MetaMask logos telling them of the need to comply with the KYC procedure. When attempting to go to a page with the verification procedure, a fake website opens asking the user to enter a seed phrase. After entering the phrase the victim is redirected to the real MetaMask website, which misleads the user, but by that time the scammers have already accessed the wallet and stolen money.

Lubeck emphasized that there are several alarming signals in such emails at once. Firstly, there are spelling errors. Secondly, a fake email address (it may differ from the original one by just one letter). Thirdly, is the lack of personalization when contacting users.

Experts do not recommend following the link contained in the email — in this case, it is safer to visit the official website and find the desired page on it.

In June, Halborn reported that MetaMask and Phantom wallets fixed a critical vulnerability in a browser software extension. Seed phrases generated by wallet providers were stored on users’ computers in plain text as part of the “Restore Session” feature. This meant that attackers could get into the system using malware or physical access.


Michael Golikov Michael Golikov

Subscribe to Getblock Magazine and stay up to date with the latest news from the world of cryptocurrencies and the digital economy