The popular cryptocurrency wallet MetaMask warned its customers of a new phishing bot that attempts to get their seed phrases. According to the team, the fraud tries to lead users to a so-called ”instant support” portal where they are prompted to enter information into a Google Docs form.
Cryptocurrency wallet MetaMask has warned users of a new phishing scam that fronts as an ‘instant support’ site, asking users to input the seed phrases of their wallet to a particular Google Docs.
MetaMask revealed the phishing scam via its official Twitter account, alerting users that the scammers are using accounts that seem genuine to deceive their victims.
The New Scam
🚨PHISHING ALERT!: a new type of phishing bot is becoming active. 🎣— MetaMask (@MetaMask) May 3, 2021
👨🏻Comes from an account that looks “normal” (but few followers)
📑Helpfully suggests filling out a support form on a major site like Google sheets (hard to block).
🪝Asks for your secret recovery phrase. pic.twitter.com/EeHumnmzbE
MetaMask – a project focused on Ethereum-based tools and infrastructure – tweeted today (May, 3rd) revealing a new fraud that attempts to harm users of the platform. The organization indicated that the scam occurs as ”normal” and ”asks for your recovery passphrase,” but it is all a hoax, and users should be extra careful.
The phishing bot seeks to guide users to an ”instant support” portal, and then it prompts them to enter personal information into a Google Docs form. To shred any doubt, MetaMask informed that it does not have a Google-based backing system. The team advised users to reach for support via the ”Get help” option in the MetaMask application itself.
The cryptocurrency wallet also advised its customers to notify them about the phishing bot as the MetaMask app has this option on its platform.
Despite the alert, numerous users have complained that they have been attacked before. One of the people showed his frustration on Tweeter and raised concerns on how to return his tokens:
So I assume we cannot retrieve all our token right !? I assume a lot of people have been robbed yesterday because of that ..— Mathieu Merlet (@MerletMathieu) May 3, 2021
The More Users, The More Attacks
MetaMask has seen real progress recently. The wallet is now being used by more than 5 million people – a substantial milestone, showing the growth in the entire ecosystem and especially in DeFi.
Interestingly enough, MetaMask finds huge popularity in southern countries where many people experience problems with the local banking system and see the wallet as a safe and trustworthy option. Some of the nations in the top 10 list include India, Indonesia, Vietnam, and Nigeria.
But with the increased total of MetaMask users comes the problem with security as it is hard to protect a number of customers from the wit of hackers.
The new phishing bot is not the first attempt to scam people out of their crypto.
Previously, the company behind one of the most commonly used hardware wallets, Ledger, saw its database leaked, revealing the personal information of many users.
How users can protect their account
The ‘rotten seed phase” attack is one of the notable scams where threat actors generate seed phrases that can be co-opted when users fund their accounts.
The wallet provider advised users that they should utilize the official link to MetaMask’s support system to avoid being a victim of the scam. MetaMask has provided the link on the “Get Help” section of the MetaMask app. there is also a provision for users to report phishing scams to help reduce the level of the scammers’ activities on the app.