Blockchain Security Company Warns of New MetaMask Phishing Campaign

A cybersecurity firm has issued warnings about a new phishing campaign targeting users of the popular MetaMask crypto wallet.

In a Thursday article by Halborn technical education specialist Luis Lubeck, the active phishing campaign used emails to target MetaMask users and trick them into giving up their passphrase.

The company analyzed fraudulent emails it received in late July to warn users about the new scam. Halborn noted that at first glance the email appears authentic with a MetaMask header and logo and with messages that tell users to comply with Know Your Customer (KYC) regulations and how to verify their wallets.

However, Halborn also noted that there were several red flags in the post. Spelling mistakes and the wrong sender email address were two of the most obvious. Additionally, a fake domain called was used to send the phishing emails.

Phishing attacks are social engineering attacks that use targeted emails to trick victims into revealing more personal data or clicking on links to malicious websites that attempt to steal crypto.

There was also no personalization in the message, the firm noted, which is another warning sign. Hovering over the call-to-action button reveals the malicious link to a fake website that prompts users to enter their seed phrases before being redirected to MetaMask to empty their crypto wallets.

Halborn, which raised $90 million in a Series A round in July, was founded in 2019 by ethical hackers offering blockchain and cybersecurity services.

In June, Halborn researchers discovered a case where a user’s private keys could be found unencrypted on a disk of a compromised computer. MetaMask patched its extension versions 10.11.3 and later after discovery.

However, there was no mention of the new email phishing threat on MetaMask’s Twitter feed at the time of writing.

Related: Phishing risks rise as Celsius confirms leaked customer emails

Last week, Celsius users were warned of a phishing threat following the leaking of customer emails by an employee of a third-party vendor.

At the end of July, security researchers warned that a new strain of malware called Luca Stealer was appearing in the wild. The infostealer was written in the Rust programming language and targets Web3 frameworks such as crypto wallets. Similar malware called Mars Stealer was discovered targeting MetaMask wallets in February.