Blockchain security firm warns of new MetaMask phishing campaign

Blockchain security firm Halborn has warned users of the latest phishing emails doing the rounds.

A cybersecurity firm has issued warnings over a new phishing campaign targeting users of the popular crypto wallet MetaMask.

In a July 28 post written by Halborn’s technical education specialist Luis Lubeck, the active phishing campaign used emails to target MetaMask users and trick them into giving out their passphrase. 

The firm analyzed scam emails it received in late July to warn users of the new scam. Halborn noted that at initial glance, the email looks authentic with a MetaMask header and logo, and with messages that tell users to comply with KYC regulations and how to verify their wallets.

However, Halborn also noted there are several red flags within the message. Spelling errors and a fake sender’s email address were two of the most obvious. Furthermore, a fake domain called metamaks.auction was used to send the phishing emails.

Phishing is a social engineering attack using targeted emails to lure victims into revealing more personal data or clicking links to malicious websites that attempt to steal crypto.

There was also no personalization in the message, the firm noted, which is another warning sign. Hovering over the call to action button reveals the malicious link to a fake website which prompts users to enter their seed phrases before redirecting to MetaMask to empty their crypto wallets.

Halborn, which raised $90 million in a Series A round in July, was founded in 2019 by ethical hackers offering blockchain and cyber security services.

In June, Halborn researchers discovered a case where a user’s private keys could be found unencrypted on a disk in a compromised computer. MetaMask patched its extension versions 10.11.3 and later following the discovery.

However, there was no mention of the new email phishi threat on MetaMask’s Twitter feed at the time of writing.

Related: Phishing risks escalate as Celsius confirms client emails leaked

Last week, Celsius users were warned of a phishing threat following the leak of customer emails by a third-party vendor employee.

In late July, security researchers warned of a new malware strain called Luca Stealer appearing in the wild. The information stealer has been written in the Rust programming language and targets Web3 infrastructure such as crypto wallets. Similar Malware called Mars Stealer was discovered targeting MetaMask wallets in February.

Related Posts

Crypto-focused venture firm Dragonfly acquires hedge fund: Bloomberg

Amid the grueling bear market for Bitcoin, Ether and altcoins, the cryptocurrency industry is undergoing consolidation. Cryptocurrency venture firm Dragonfly has acquired a digital asset-focused investment fund…

Binance distances from WazirX as Indian regulators keep chasing crypto

The ownership of WazirX became a hot topic as CZ claimed the deal never went through, but three years later, there’s still no clarity. The Twitter exchange…

Saddle Finance Redefines Trading of Pegged Value Assets with Ease And Security

Are you ready to Saddle up? A decentralized finance platform architectured to facilitate efficient trade between pegged crypto assets is now one of the most prominent names…

How Revolut Will Launch New Crypto Platform, Cyprus Grants Authorization

Per a report from Atlfi, fintech company Revolut will be able to offer more crypto products to its customers. The one-stop app for “all things money” has…

Biggest Movers: SHIB Remains Near 3-Month High, Whilst LEO Hits 2-Week High 

Shiba inu remained close to a three-month high to start the week, after breaking out of a key resistance level over the weekend. The surge of the…

Bitcoin Dominance Rate (BTCD) Continues to Fall as Ethereum (ETH) Increases

The Bitcoin dominance rate (BTCD) has broken down from its long-term bullish structure, while the ETH/BTC chart shows potential for upside. Between May and Dec 2021, BTCD…

Generated by Feedzy