Tricked into Giving Passphrases
Halborn’s Technical Education Specialist, Luis Lubeck, published a blog post on July 28th, breaking down the newest email phishing campaign targeting MetaMask users. The scam centers on misleading users and tricking them into giving up their passphrases.
The phishing email “informs” users that they need to verify their wallets. To do this, users are prompted to click a malicious “call to action” button, which leads to a fake website requesting a user’s seed phrase. Once the seed is entered, the website forwards to the MetaMask wallet, which is then emptied by the malicious program.
Attention to Detail Is Key
Halborn notes that the email appears genuine at first glance, as the scammers mimic MetaMask’s visual identity, including its header and logo. User instructions on how to comply with ‘know your customer (KYC)’ requirements for wallet verification also resemble the company’s typical communication.
However, despite these similarities, Halborn highlighted a few warning signs, of which the two most noticeable were misspellings and the sender’s email address, which was not the official MetaMask account.
The phishing emails were sent through a phony domain called “metamaks.auction.” The security company further emphasized that the message lacked customization, such as addressing users by specific, individual names—a classic red flag.
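The sender-address warning sign above can be checked mechanically at a mail gateway or in triage tooling. The following is an added example, not code from Halborn or MetaMask; it assumes `metamask.io` is the official sender domain (the article does not name it), and the function names, threshold and sample headers are illustrative.

```python
import re
from email.utils import parseaddr

BRAND = "metamask"                  # brand label to protect
OFFICIAL_DOMAINS = {"metamask.io"}  # assumption: official sender domain, not named on the page
MAX_DISTANCE = 2                    # assumption: illustrative threshold

def osa_distance(a: str, b: str) -> int:
    """Edit distance counting insert, delete, substitute and adjacent swap as 1 each."""
    d = [[max(i, j) if 0 in (i, j) else 0 for j in range(len(b) + 1)]
         for i in range(len(a) + 1)]
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = a[i - 1] != b[j - 1]
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # swapped neighbours
    return d[-1][-1]

def classify_sender(from_header: str) -> str:
    """Return 'official', 'lookalike', 'impersonation' or 'unrelated'."""
    name, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower().rstrip(".")
    if any(domain == o or domain.endswith("." + o) for o in OFFICIAL_DOMAINS):
        return "official"
    # Brand (or a near miss) used as a label of a domain that is not official.
    if any(osa_distance(p, BRAND) <= MAX_DISTANCE for p in re.split(r"[.\-]", domain)):
        return "lookalike"
    # Display name claims the brand while the address is somewhere else.
    if BRAND in re.sub(r"\W", "", name.lower()):
        return "impersonation"
    return "unrelated"

# Constructed sample headers; only the domain metamaks.auction comes from the page.
SAMPLES = [
    "MetaMask <verify@metamaks.auction>",
    "MetaMask Support <noreply@mail.example.com>",
    "support@metamask.io",
    "newsletter@example.org",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{classify_sender(header):13} {header}")
```

The swapped "ks" in `metamaks` counts as a single edit, which is why a transposition-aware distance is used rather than plain Levenshtein.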
Not the First Attack on Crypto Wallets
This latest phishing attempt is not the only MetaMask vulnerability to have been found by the Halborn firm. In June, the firm’s researchers revealed that users’ private crypto wallet could be found unencrypted on a computer hard drive. Following the revelation, MetaMask patched the exploit from extension versions 10.11.3 onward.
⚠Halborn Receives Major Security Bounty from @MetaMask for Critical Discovery⚠
We disclosed a critical vulnerability affecting @MetaMask, @Brave, @Phantom, @xdefi_wallet, and other browser based crypto wallets – A short 🧵 on the vulnerability and how to protect 🔐 yourselves:
— Halborn (@HalbornSecurity) June 15, 2022
In February, malware called ‘Mars Stealer’ was found to be targeting browser-based cryptocurrency wallets like MetaMask, Coinbase Wallet, Nifty Wallet, Ronin Wallet, MEW CX, Binance Chain Wallet, TronLink, and approximately 40 other crypto wallets.
In April, MetaMask warned the public about phishing attacks targeting Apple’s ‘iCloud’ service. If a user had enabled automatic backups for application data, the seed phrase or “password-encrypted MetaMask vault” would be stored on iCloud, thereby posing severe security risks for iPhone, Mac, and iPad users.
On the Flipside
- Non-custodial wallets ensure that users’ assets and transactions are safe from censorship or confiscation.
- On the other hand, non-custodial wallets place high levels of responsibility upon owners to protect their private keys. The lack of a middleman, as found in traditional banking, means that all transactions are irreversible.
Why You Should Care
- MetaMask is the world’s leading non-custodial crypto wallet with more than 30 million monthly active users.
- Cryptocurrency scammers have stolen over $1 billion from 46,000 people since the start of 2021, says CNN.