CipherTrace warns of surge in funds lost to MetaMask phishers

Published at: Dec. 3, 2020

Cyber Security firm CipherTrace has issued a warning after noting a surge in reports over the past 24 hours of user funds being stolen by a malicious Chrome browser extension posing as popular crypto wallet MetaMask.

The warning was issued under the headline, “ALERT: Malicious Crypto Browser Extension — Masked MetaMask” and reported the company had seen “an uptick of alerts and comments within the online cryptocurrency community of users’ funds being stolen.”

In response to online criticism that MetaMask is not doing enough to steer its users away from potentially harmful websites and downloads, MetaMask’s chief product officer Jacob Cantele asked Twitter what more the company should do:

“How can we improve? Currently we’re warning in multiple places within the product, we maintain a phishing detector that warns about tens of thousands of malicious sites, we do regular security marketing campaigns, and we have legal resources to trying to get these sites removed.”

Links to fake MetaMask sites are being inadvertently reposted by cryptocurrency projects and reportedly show up frequently as Google Ads above the first result in Google searches for the term “metamask.”

Phishing warning? @Google is allowing a phisher to buy sponsored ads on their search results. When using crypto, try to use direct links, and if you need to use search, watch out for sponsored links! pic.twitter.com/Fx4WArcH80

— MetaMask (@metamask_io) December 2, 2020

The scam works like this: After arriving at a phishing website that looks just like the real MetaMask site or downloading a malicious browser extension, users are directed to enter their 12 word seed to connect their wallet. The seed is then captured by the phisher and the wallet is drained of its funds.

METAMASK SCAM!A friend of mine got his account drained. He googled "metamask", clicked on the 1st link (ad) that came up which prompted him to download the fake metamask plugin. As soon as he installed it everything from his account was drained. Share Retweet! pic.twitter.com/OO9tkq1N6k

— Value-Trader (@AbizMind) November 29, 2020

MetaMask stated that the best way to avoid being phished is to download the software only from its official site, or from inside the Google Chrome store, but never by clicking links on other websites.

For those who already have the MetaMask Chrome extension installed, MetaMask will display a warning in bright red if a user attempts to visit a website previously reported as a phishing site.

MetaMask users who are unsure if a website has been reported as malicious are encouraged to visit CryptoScamDB and enter the website URL or IP address where it will be cross-referenced against a database of reported scam and phishing websites.

In October, MetaMask announced that it had surpassed one million active users on a monthly basis, largely thanks to the acceleration of the DeFi trend over the summer and fall. Rising Ether (ETH) prices and a large user base suggest this type of phishing attack won’t be going away anytime soon.

Tags
Related Posts
Crypto hacks are set to hit all-time highs in 2022, analyst explains
Reducing the amount of hacking by improving cybersecurity should be considered a top priority for the crypto industry, said Kim Grauer, director of research of blockchain intelligence firm Chainalysis. As pointed out by the firm, this year could outpace 2021 in terms of crypto stolen through hacks. The vast majority of these exploits have been targeting the field of decentralized finance. “This can't go on in the industry because people are going to lose faith in investing in DeFi platforms”, Grauer said in an interview with Cointelegraph. Unlike centralized exchanges, which have improved their resiliency to crypto hacks, decentralized protocols …
Blockchain / Oct. 19, 2022
How to avoid getting hooked by crypto ‘ice phishing’ scammers — CertiK
Blockchain security company CertiK has reminded the crypto community to stay alert over “ice phishing” scams — a unique type of phishing scam targeting Web3 users — first identified by Microsoft earlier this year. In a Dec. 20 analysis report, CertiK described ice phishing scams as an attack that tricks Web3 users into signing permissions which end up allowing a scammer to spend their tokens. This differs from traditional phishing attacks which attempt to access confidential information such as private keys or passwords, such as the fake websites set up which claimed to help FTX investors recover funds lost on …
Blockchain / Dec. 21, 2022
BitKeep exploiter used phishing sites to lure in users: Report
The Bitkeep exploit that occurred on Dec. 26 used phishing sites to fool users into downloading fake wallets, according to a report by blockchain analytics provider OKLink. The report stated that the attacker set up several fake Bitkeep websites which contained an APK file that looked like version 7.2.9 of the Bitkeep wallet. When users “updated” their wallets by downloading the malicious file, their private keys or seed words were stolen and sent to the attacker. 【12-26 #BitKeep Hack Event Summary】 1/n According to OKLink data, the bitkeep theft involved 4 chains BSC, ETH, TRX, Polygon, OKLink included 50 hacker …
Ethereum / Dec. 26, 2022
Can real-time transaction simulations prevent scammers from stealing crypto assets?
This year was a turbulent one for the whole crypto space. From NFTs to DeFi and exchanges, all areas of the industry felt the cold blows of crypto winter. Unfortunately, such an unfavorable climate is the perfect breeding ground for scammers to exploit distressed investors’ crypto wallets. The most recent examples of crypto scams include hackers stealing NFTs through over 500 fake phishing domains, while robocallers started targeting FTX customers in the aftermath of the exchange’s crash. Such malicious attacks have become an everyday occurrence in the space, and the crypto community is actively working on protective measures. On one …
Blockchain / Jan. 6, 2023
Overview of Software Wallets, the Easy Way to Store Crypto
Similar to a bank account for fiat currency, a crypto wallet is a personal interface for a cryptocurrency network that provides reliable storage and enables transactions. Whether a cryptocurrency is securely stored or not, much depends on the wallet, which is only as secure as its private keys. Wallets are generally either hot or cold. The funds in a hot wallet can be spent at any time, online. A cold wallet functions in contrast: not intended for regular cryptocurrency transactions, but funds can be received at any time. Wallets can also be divided into three groups: software, hardware and paper. …
Blockchain / March 29, 2020