Blockchain security firm warns of new MetaMask phishing campaign


A cybersecurity firm has issued warnings about a new phishing campaign targeting users of the popular MetaMask crypto wallet.

In a July 28 post written by Halborn tech education specialist Luis Lubeck, the active phishing campaign used emails to target MetaMask users and trick them into giving out their passphrase.

The company analyzed scam emails it received in late July to warn users about the new scam. Halborn noted that at first glance, the email looks authentic with a MetaMask header and logo, and with messages telling users to comply with KYC regulations and how to verify their wallets.

However, Halborn also noted that there are several red flags within the message. Spelling errors and the fake sender’s email address were two of the most obvious. In addition, a fake domain called was used to send the phishing emails.

Phishing is a social engineering attack using targeted emails to lure victims into revealing more personal data or clicking links to malicious websites that attempt to steal crypto.

There was also no personalization in the message, the company noted, which is another warning sign. Hovering over the call to action button reveals the malicious link to a fake website that prompts users to enter their seed phrases before redirecting to MetaMask to empty their crypto wallets.

Halborn, which raised $90 million in a Series A round in July, was founded in 2019 by ethical hackers offering blockchain and cybersecurity services.

In June, Halborn researchers discovered a case where a user’s private keys could be found unencrypted on a disk in a compromised computer. Metamask patched up its extension versions 10.11.3 and later following the discovery.

However, there was no mention of the new email phishi threat in MetaMask’s Twitter feed at the time of writing.

Related: Phishing risks increase as Celsius confirms customer emails are leaked

Last week, Celsius users were warned of a phishing threat after the leak of customer emails by a third-party vendor employee.

In late July, security researchers warned of a new malware strain called Luca Stealer appearing in nature. The information thief was written in the Rust programming language and targets Web3 infrastructure such as crypto wallets. Similar Malware called Mars Stealer was discovered targeting MetaMask wallets in February.