Metamask Users Targeted By New Phishing Campaign

Halborn has issued an alert regarding a fresh phishing scam targeting the users of leading cryptocurrency wallet MetaMask.

Metamask Users Targetted by the New Phishing Campaign

Halborn, a blockchain cybersecurity company, has issued an alert regarding a fresh phishing scam targeting the users of leading cryptocurrency wallet MetaMask.

Tricked into Giving Passphrases

Halborn’s Technical Education Specialist, Luis Lubeck, published a blog post on July 28th, breaking down the newest email phishing campaign targeting MetaMask users. The scam centers around misleading users, thereby tricking them into give up their passphrases. 


The phishing email “informs” users that they need to verify their wallets. To do this, users are prompted to click a malicious “call to action” button, which leads to a fake website requesting a user’s seed phrase. Once the seed is entered, the website forwards to the MetaMask wallet, which is then emptied by the malicious program.

Attention to Detail Is Key

Halborn notes that the email appears genuine at first glance, as the scammers mimic MetaMask’s visual identity, including its header and logo. User instructions on how to comply with ‘know your customer (KYC)‘ requirements for wallet verification also resembles the company’s typical communication.

However, despite these similarities, Halborn highlighted a few warning signs, oh which the two most noticeable were misspellings, and the sender’s email address, which was not the official MetaMask account.

The phishing emails were sent through a phony domain called “ security company further emphasized that the message lacked customization, such as addressing users by specific, individual names—a classic red flag.

MetaMask email phishing

Not the First Attack on Crypto Wallets

This latest phishing attempt is not the only MetaMask vulnerability to have been found by the Halborn firm. In June, the firm’s researchers revealed that users’ private crypto wallet could be found unencrypted on a computer hard drive. Following the revelation, MetaMask patched the exploit from extension versions 10.11.3 onward.

In February, malware called ‘Mars Stealer’ was found to be targeting browser-based cryptocurrency wallets like MetaMask, Coinbase Wallet, Nifty Wallet, Ronin Wallet, MEW CX, Binance Chain Wallet, TronLink, and approximately 40 other crypto wallets.

In April, MetaMask warned the public about phishing attacks targeting Apple’s ‘iCloud’ service. If a user had enabled automatic backups for application data, the seed phrase or “password-encrypted MetaMask vault” would be stored on iCloud, thereby imposing severe security risks for iPhone, Mac, and iPad users.

On the Flipside

  • Non-custodial wallets ensure that users’ assets and transactions are safe from censorship or confiscation.
  • On the other hand, non-custodial wallets place high levels of responsibility upon owners to protect their private keys. The lack of a middleman, as found in traditional banking, means that all transactions are irreversible.

Why You Should Care

  • MetaMask is the world’s leading non-custodial crypto wallet with more than 30 million monthly active users.
  • Cryptocurrency scammers have stolen over $1 billion from 46,000 people since the start of 2021, says CNN.

For more information on MetaMmask and how it works, check out:

Cardano ranks as the top target for phishing attacks – find out more below:

This article is for information purposes only and should not be considered trading or investment advice. Nothing herein shall be construed as financial, legal, or tax advice. Trading forex, cryptocurrencies, and CFDs pose a considerable risk of loss.

Paulina Okunyte

Paulina is a writer, reporter, and digital craftswoman. Her educational background extends from anthropology to IT & multimedia. She has experience working with tech startups, as well as mastering the craft of journalism. At DailyCoin, Paulina focuses on the world of metaverses, NFT marketplaces, NFT art, and blockchains backing NFT technology.