MetaMask warns of new phishing bot

Published at: May 3, 2021

Crypto wallet provider MetaMask has alerted its users of a new phishing bot that attempts to steal their seed phrases.

In a tweet published Monday, MetaMask warned users that the bot attempts to direct users to a purported “instant support” portal where they are prompted to enter information into a Google Docs form.

PHISHING ALERT!: a new type of phishing bot is becoming active. Comes from an account that looks “normal” (but few followers)Helpfully suggests filling out a support form on a major site like Google sheets (hard to block).Asks for your secret recovery phrase. pic.twitter.com/EeHumnmzbE

— MetaMask (@MetaMask) May 3, 2021

The form asks for the secret recovery phrase that can be used to respawn users’ crypto wallets. MetaMask stated that it does not have a Google Docs-based support system, urging users to seek support from the “Get Help” option within the MetaMask app itself to avoid being scammed.

MetaMask also encourages users to report scams impersonating the wallet and its services, noting customers can do so in the app.

Despite MetaMask warning its users of the phishing bot, some of its users appear to have already been scammed, with one Twitter user replying: “So there is no way to get back our token right?”

Due to its popularity, MetaMask is one of the top targets for hackers and scammers. On Tuesday, the developer behind the wallet, ConsenSys, reported that it had hit a record 5 million active monthly users.

Phishing attacks are a social engineering technique used by scammers to lure users into completing an action that reveals personal information or account details.

In December 2020, MetaMask detailed a “rotten seed phrase attack,” in which a malicious website mimics the website of the wallet the user is trying to install. The fake website generates a seed phrase that enables the scammers to control the wallet once it has been installed.

It is not just beginner users who may fall victim to phishing scams, with a hacker fooling Nexus Mutual founder Hugh Karp into transferring roughly 370,000 Nexus Mutual tokens (NXM) worth $8 million to a wallet under their control at the end of 2020.

Ledger users have also been inundated with phishing attempts, with two major breaches of company servers resulting in the leaking of personal information including email addresses, phone numbers and even physical addresses.

Tags
Technology
Phishing
Scams
Related Posts
Hong Kong NFT project Monkey Kingdom loses $1.3M in phishing hack, launches compensation fund
On Tuesday, Solana nonfungible token (NFT) project Monkey Kingdom, which has received notable backing from American DJ Steve Aoki, announced via Twitter that hackers made off with $1.3 million of the community's crypto funds through a security breach on Discord. According to its developers, the hack first occurred with the breach of Grape, a popular solution for verifying users on Solana. Hackers then used the exploit to take over an administrative account, which posted a phishing link in the Monkey Kingdom Discord's announcement channel. Users who followed the link connected their wallets expecting they would receive an NFT but instead …
Technology / Dec. 22, 2021
HEX Still Can't Shake Scam Label as Token Approaches $1B Market Cap
While widely written off as a scam earlier this year, Richard Heart’s controversial HEX is fast approaching a $1 billion market cap. According to crypto analytics site CoinMarketCap, the HEX token had a market cap of over $979 million on May 14 with a value of $0.006 at the time of writing. Prior to mid-February, the value of the coin was so small, many sites simply couldn’t measure it. HEX is an ERC-20 token that pays holders for rewards instead of miners, essentially a crypto version of a traditional fixed deposit account. Users can lock up funds, then receive their …
Technology / May 15, 2020
CipherTrace warns of surge in funds lost to MetaMask phishers
Cyber Security firm CipherTrace has issued a warning after noting a surge in reports over the past 24 hours of user funds being stolen by a malicious Chrome browser extension posing as popular crypto wallet MetaMask. The warning was issued under the headline, “ALERT: Malicious Crypto Browser Extension — Masked MetaMask” and reported the company had seen “an uptick of alerts and comments within the online cryptocurrency community of users’ funds being stolen.” In response to online criticism that MetaMask is not doing enough to steer its users away from potentially harmful websites and downloads, MetaMask’s chief product officer Jacob …
Ethereum / Dec. 3, 2020
FTX customers warned of scammers baiting them with return of assets
Bankrupt crypto exchange FTX has acknowledged a recent spate of third-party scams and frauds aimed at swindling its already-embattled customers. On Feb. 3, FTX issued an alert to its customers regarding recent attempts by fraudsters to scam their customers, including asking them for money, fees, payments or account passwords. “We are aware of active third-party scams and frauds seeking to take advantage of FTX customers,” the company warned. FTX added that its debtors and agents will never ask customers to pay fees or provide account passwords in connection with the “return or prospective return of customer assets,” and encouraged potential …
Business / Feb. 3, 2023
Top 7 cybersecurity jobs in high demand
In today’s digital age, cybersecurity has become a critical aspect of almost every business. Cyber threats are increasing daily, and businesses must take proactive measures to protect their networks and data. As a result, the demand for cybersecurity professionals has skyrocketed. Little Friday humour #meme #cybersecurity @hackurityio pic.twitter.com/MArEpCh03k — Harold De Vries (@devries_harold) February 17, 2023 In this article, we will discuss the top seven cybersecurity jobs that are in high demand. Cybersecurity analyst A cybersecurity analyst is responsible for identifying and mitigating cyber threats to an organization’s network and data. They examine system logs and network traffic to find …
Technology / Feb. 26, 2023