Phishing actors target MetaMask users to steal crypto assets

Phishing Threat Actors MetaMask Steal Crypto Assets Crypto Wallet

New warnings were disseminated following a recent phishing campaign launched against the traders of a popular cryptocurrency wallet called MetaMask. According to the reports, the threat operators send phishing emails to the targeted MetaMask users with an attached malicious link that, if clicked, would deceive victims into giving away their credentials and seed phrases.

An analysis was conducted by researchers based on the phishing emails sent by the threat actors. Their observations show that the threat actors have designed the emails to look authentic, even using the MetaMask header and logo. As for the content of the email, it includes a message that tells the recipient to comply with the KYC regulations, with an attached link on how the users can verify their crypto wallets.


Although the email would look authentic to an unaware user, researchers found signs that the email is from threat actors aiming to phish credentials from MetaMask users.


Some signs observed on the email include spelling and grammatical errors and a fake email address used by the email sender to impersonate the crypto wallet. The threat actors also used a fake domain with a spelling error under metamaks[.]auction to send the malicious emails.

If a user hovers over the call-to-action button on the email, it will show a website link to a phishing platform asking the user to key in their crypto wallet’s seed phrases. The tactic would allow the hackers to steal all the digital assets of the victims.

MetaMask has yet to release any statement about the discovered issue.

In related news, another crypto wallet platform, Celcius, was warned about cybersecurity threats against its users after a third-party vendor employee had leaked the database containing its customers’ email addresses.

Furthermore, a new Rust-based malware strain called Luca Stealer was spread by threat actors aiming to infiltrate crypto wallets and steal from victims. MetaMask also suffered from a cyberattack incident in February after threat actors used the Mars Stealer malware strain to empty victims’ crypto wallets.

About the author

Leave a Reply