Scammers targeting MetaMask users have escalated their tactics by employing URLs from government-owned websites to deceive victims into accessing their cryptocurrency wallets. MetaMask, a popular Ethereum-based crypto wallet, has long been a favored target for such scams, often involving the redirection of unsuspecting users to fraudulent websites that request access to their MetaMask wallets. A multiple government-owned websites from various countries, including India, Nigeria, Egypt, Colombia, Brazil, and Vietnam, were being utilized in this scam.
Once users click on a malicious link within the government website's URL, they are redirected to a fake URL resembling "MetaMask.io." At this point, Microsoft's built-in security feature, Microsoft Defender, often issues a warning about potential phishing attempts. However, should users disregard the warning, they are presented with a website remarkably similar to the official MetaMask site. This counterfeit website then prompts users to link their MetaMask wallets for access to various platform services.
The visual similarity between genuine and fake MetaMask websites is a significant factor that lures investors into falling victim to the scam. Should users proceed to link their MetaMask wallets on these fraudulent sites, scammers gain full control over the assets stored in those specific wallets. response to the phishing sites detected the MetaMask security team revealed they are incorporating heuristics from ongoing campaigns into their detection engine. This step aims to identify these attacks as they emerge and take preventive measures to minimize exposure to potent ial victims.
As cryptocurrency-related attacks continue to rise, MetaMask advises potential targets to promptly report suspected scams. In cases where a seed phrase has been compromised, users are urged to cease using that recovery phrase and create a new one from a sec ure, uncompromised device. MetaMask emphasizes that it does not collect know-your-customer information from its users and refutes claims of a hack involving 5,000 ETH, reiterating that these assertions are incorrect.
Wallet Guard co-founder Ohm Shah noted that the MetaMask team has been actively researching the issue but has not yet found concrete answers regarding how the scam occurred.
