Crypto scammers targeting MetaMask users are using URLs of various government websites to deceive users and gain access to their crypto wallets. By redirecting users to fake MetaMask websites, scammers are able to obtain personal information and wallet access. These attacks have become more appealing with the growth of Web3, and the MetaMask security team advises users to take precautions. Users should be cautious of fake websites and protect their seed phrases.
Ethereum-based crypto wallet MetaMask remains a long-standing target for scammers, including a scheme that redirects unsuspecting users to fake websites requesting access to their MetaMask wallets. Research on this matter has revealed numerous government websites from India, Nigeria, Egypt, Colombia, Brazil, Vietnam, and other jurisdictions redirecting to fake MetaMask websites, as shown below.
According to the MetaMask security team, the incredible growth potential of Web3 makes the ecosystem attractive to scammers and thieves. When a user clicks on any of the fake links embedded within the URLs of government websites, they are redirected to a fake URL instead of the original MetaMask site. Once the fake site is accessed, Microsoft Defender, Microsoft’s security firewall, warns users of a possible phishing attempt.
If users ignore the warning, they are greeted by a website resembling the official MetaMask website. These fake websites eventually prompt users to connect their MetaMask wallets to access various services on the platform.
The screenshot below demonstrates the similarity between real and fake MetaMask websites, which is one of the main reasons why investors fall for this scam. Connecting MetaMask wallets to such websites gives scammers complete control over the assets held in those specific MetaMask wallets.
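A defender-side check for the redirect pattern described above, as an added example that is not from the article or from MetaMask: it classifies a recorded redirect chain by whether it passes through a government-style host and lands on a MetaMask lookalike. Treating metamask.io as the only genuine domain, the "gov" label heuristic, and all sample URLs are assumptions.

```python
from urllib.parse import urlsplit

OFFICIAL_DOMAIN = "metamask.io"   # assumption: the only genuine MetaMask domain
BRAND = "metamask"
# Digit-for-letter swaps commonly seen in lookalike hostnames.
HOMOGLYPHS = str.maketrans("0345", "oeas")


def host_of(url):
    """Lower-cased hostname of a URL, without port or trailing dot."""
    return (urlsplit(url).hostname or "").rstrip(".")


def is_official(host):
    # Exact match or true subdomain; "metamask.io.login.example" must fail.
    return host == OFFICIAL_DOMAIN or host.endswith("." + OFFICIAL_DOMAIN)


def is_government(host):
    # Assumption: "gov" as the last or second-to-last label (x.gov, x.gov.in).
    return "gov" in host.split(".")[-2:]


def imitates_brand(host):
    """True if a non-official host spells the brand after normalisation."""
    if is_official(host):
        return False
    squashed = "".join(c for c in host.translate(HOMOGLYPHS) if c.isalnum())
    return BRAND in squashed


def classify_chain(chain):
    """chain: URLs in redirect order, clicked link first, landing page last."""
    hosts = [host_of(u) for u in chain]
    landing = hosts[-1]
    if is_official(landing):
        return "official"
    if imitates_brand(landing):
        if any(is_government(h) for h in hosts[:-1]):
            return "gov-redirect-to-lookalike"
        return "lookalike"
    return "unrelated"


# Constructed redirect chains (placeholder hostnames, not taken from the article).
SAMPLES = [
    ["https://dept.placeholder.gov.br/news", "https://metamask-wallet.example/connect"],
    ["https://m3tam4sk.io.login.example/"],
    ["https://metamask.io/download/"],
]
```

The same classification can be run over proxy or browser-history exports in which each visit records its redirect chain.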
The MetaMask security team stated the following:
“By adding these current methods (metadata, indicators, TTPs, etc.) to our detection engines, we hope to detect and remove these attacks as they launch, or at least minimize exposure before they reach users.”
Amid increasing attacks on crypto investors, MetaMask encourages potential victims to report possible scams. In case a seed phrase is compromised, MetaMask advises users to stop using the compromised seed recovery phrase and generate a new one from an uncompromised device. In April, MetaMask denied allegations of an exploit potentially draining over 5,000 Ethereum.