September 5, 2023 at 16:30 GMT. Modified date: September 5, 2023 at 16:30 GMT

MetaMask scammers target government websites

Fraudulent copycats of the MetaMask website are scamming victims by stealing their crypto holdings on the Ethereum wallet provider.

Government websites are redirecting users to counterfeit MetaMask websites. 

Official websites from countries including India, Nigeria, Egypt, Colombia, Brazil, and Vietnam have been targeted by the crypto scam, a CoinTelegraph investigation has found.

They have published fraudulent copycats of the MetaMask website, designed to scam victims and steal their crypto holdings on the Ethereum wallet provider.

Copycat websites of MetaMask

When users click on certain links within these government websites, they are not taken to the legitimate ‘MetaMask.io’ site. Instead, they find themselves on a scammer’s copy of the website. 

Microsoft’s built-in security feature, Microsoft Defender, does attempt to alert users about the potential phishing threat. However, if this warning is bypassed, users land on a site that closely mimics the official MetaMask interface.

These deceptive sites prompt users to connect their MetaMask wallets to access various services. Once a user links their wallet, the scammers gain full control over the assets stored in that specific MetaMask wallet.

In response to the discovery of these phishing sites, the MetaMask security team commented: “We are building in some heuristics (metadata, indicators, TTPs, etc.) from this current campaign into our detection engines to hopefully detect any more of these attacks as soon as they launch and take steps to take them down before they reach users — or at the very least minimize the exposure.”

MetaMask’s advice

Given the increasing number of attacks targeting cryptocurrency investors, MetaMask has issued advice to its user base. 

They urge users to report any suspicious activity or potential scams.

If there’s a suspicion that a seed phrase has been compromised, MetaMask’s guidance says to stop using the compromised seed recovery phrase immediately and establish a new one using a secure, uncompromised device.

MetaMask also noted that it does not request Know Your Customer (KYC) information from its users.

A history of MetaMask scams

This isn’t the first time MetaMask has been targeted by scammers. The methods usually involve directing unsuspecting users to fake websites that seek access to their MetaMask wallets and steal their funds.

Recent posts on the X social media app (formerly Twitter) have highlighted the experiences of several users who fell victim to such scams. One user posted: “Yesterday my Metamask wallet was hacked by scammers. And I closed my old Opensea account. And I start all over. Be careful friends.”

Another user emphasised that MetaMask never requests account verification. They added that any platform or individual urging users to complete KYC or verify their identity is likely fraudulent.

Earlier this year, there were rumours about a potential MetaMask vulnerability that might have led to the theft of over 5,000 ETH.

However, MetaMask denied these claims, clarifying that the Ethereum was taken “from various addresses across 11 blockchains”. 

The wallet stated that any assertion suggesting the funds were stolen directly from MetaMask “is incorrect”.

Increase in crypto scam sites

The digital assets sector has been consistently plagued by frequent scams. Earlier this year, crypto investors were defrauded of up to $4 million through deceptive links scattered across the internet, according to a report by ScamSniffer.

“ScamSniffer has investigated multiple cases where users clicked on malicious ads and were directed to fraudulent websites. Investigation into the keywords used by victims has uncovered numerous malicious ads at the forefront of search results,” the handle of the cyber security firm said.

It added: “Most users, unaware of the deceptive nature of search ads, click on the first available option, leading them to malicious websites.”

The security firm said there was a need for Google to implement a “Web3-focused malicious website detection engine”.
