MetaMask scammers take over government websites to target crypto investors

5 September 2023

Cointelegraph By Arijit Sarkar

Official government websites from India, Nigeria, Egypt, Colombia, Brazil, Vietnam and other jurisdictions have been found redirecting to fake MetaMask websites.


Crypto scams targeting MetaMask users are using government-owned website URLs to con victims and access their crypto wallet holdings.

Ethereum-based crypto wallet MetaMask has been a long-standing target for scammers, who redirect unwary users to fabricated websites that request access to their MetaMask wallets. Cointelegraph’s investigation into the matter found numerous government-owned websites being used to perpetrate this exact scam.

Official government websites from India, Nigeria, Egypt, Colombia, Brazil, Vietnam and other jurisdictions have been found redirecting to fake MetaMask websites, as shown below.

MetaMask scammers use government websites to steal from crypto users. Source: Cointelegraph (via Google)

Cointelegraph alerted MetaMask about the ongoing scams and received an immediate acknowledgment. According to the MetaMask security team, Web3’s incredible growth potential makes the ecosystem attractive for scammers and thieves.

Once a user clicks on any of the rogue links placed within the government website URLs, they are redirected to a fake URL instead of the original URL “MetaMask.io.” When the fake site is accessed, Microsoft’s built-in security tool, Microsoft Defender, warns users about a possible phishing attempt.

Microsoft’s warning against the MetaMask phishing websites. Source: Cointelegraph

If users ignore the warning, they are greeted by a website resembling the official MetaMask website. The fake websites will eventually ask the users to link their MetaMask wallets to access various services on the platform.

Comparison between the original and fake MetaMask websites. Source: Cointelegraph

The above screenshot shows the similarity between the real and fake MetaMask websites, which is one of the main reasons investors fall for the scam. Linking MetaMask wallets on such websites gives scammers complete control over the assets held on those particular MetaMask wallets.

With regard to the phishing websites uncovered by Cointelegraph, the MetaMask security team stated:

“We are building in some heuristics (metadata, indicators, TTPs, etc.) from this current campaign into our detection engines to hopefully detect any more of these attacks as soon as they launch and take steps to take them down before they reach users — or at the very least minimize the exposure.”

Amid growing attacks on crypto investors, MetaMask encourages potential victims to report possible scams.

In case of a seed phrase compromise, MetaMask advises users to stop using the seed recovery phrase and create a new one from a device that has not been compromised. Readers are also advised that MetaMask does not collect Know Your Customer information from its users.


In April, MetaMask denied claims of an exploit that potentially drained over 5,000 Ether (ETH).

Recent reporting on @tayvano_’s thread has incorrectly claimed that a massive wallet draining operation is a result of a MetaMask exploit.

This is incorrect. This is not a MetaMask-specific exploit. https://t.co/MiJ3QgslMy

— MetaMask (@MetaMask)

April 18, 2023

The wallet provider said the 5,000 ETH was stolen “from various addresses across 11 blockchains,” reaffirming that the claim that funds were hacked from MetaMask “is incorrect.”

Speaking to Cointelegraph, Wallet Guard co-founder Ohm Shah said the MetaMask team has been “researching tirelessly,” and there is “no solid answer to how this has happened.”
