Google DocsHackmetamaskPhishingscam

MetaMask warns of new phishing bot

The latest MetaMask phishing scam asks users for their seed phrase in a Google Docs form posing as an official support portal.

Crypto wallet provider MetaMask has alerted its users of a new phishing bot that attempts to steal their seed phrases.

In a tweet published Monday, May 3, MetaMask warned users that the bot attempts to direct users to a purported “instant support” portal where they are prompted to enter information into a Google Docs form.

The form asks for the secret recovery phrase that can be used to respawn users’ crypto wallets. MetaMask stated that it does not have a Google Docs-based support system, urging users to seek support from the “Get Help” option within the MetaMask app itself to avoid being scammed.

MetaMask also encourages users to report scams impersonating the wallet and its services, noting customers can do so in the app.

Despite MetaMask warning its users of the phishing bot, some of its users appear to have already been scammed, with one Twitter user replying: “so there is no way to get back our token right ?”

Due to its popularity, MetaMask is one of the top targets for hackers and scammers. On April 27, the developer behind the wallet, ConsenSys, reported that it had hit a record five million active monthly users.

Phishing attacks are a social engineering technique used by scammers to lure users into completing an action that reveals personal information or account details.

In December 2020, MetaMask detailed a “rotten seed phrase attack”, in which a malicious website mimics the website of the wallet the user is trying to install. The fake website generates a seed phrase that enables the scammers to control the wallet once it has been installed.

It is not just beginner users who may fall victim to phishing scams, with a hacker fooling Nexus Mutual founder Hugh Karp into transferring roughly 370,000 Nexus Mutual tokens (NXM) worth $8 million to a wallet under their control at the end of 2020.

Ledger users have also been inundated with phishing attempts, with two major breaches of company servers resulting in the leaking of personal information including email addresses, phone numbers, and even physical addresses.


Story Originated on Cointelegraph

Related posts
DeFiExploitHackRari Capital

Rari Capital allocates $26M from developer fund to compensate hack victims

Up to $26 million worth of Rari’s governance token may be distributed among users impacted by a hack that drained $10 million from the protocol this past weekend. Following a $10 million exploit over the weekend, decentralized finance protocol Rari…
ExploitHackRari CapitalRGT

Rari Capital falls victim to $11 million exploit

Rari’s RGT token is plummeting on the news. After a $11 million attack earlier today, Rari Capital is the latest decentralized finance (DeFi) protocol to fall victim to a high-priced exploit  The platform, which builds optimized yield vaults and boutique…
ExploitHackLarva LabsMeebitsNFTNFTs

$85 million ‘Meebits’ NFT project exploited; attacker nabs $700,000 collectible

The team has paused minting, and will have to use a manual workaround to prevent further exploits. Legendary NFT developers Larva Labs were the victims of an exploit this morning, as an attacker found a way to mint a rare…