Blockchain security firm warns of new MetaMask phishing campaign

A cybersecurity firm has issued warnings about a new phishing campaign targeting users of the popular cryptocurrency wallet MetaMask.

In a post on Thursday written by Halborn tech education specialist Louis Lubeck, an active phishing campaign used emails to target MetaMask users and trick them into giving out their passphrase.

The company analyzed scam emails it received in late July to warn users about the new scam. Halborn noted that at first glance, the email looks authentic with a MetaMask header and logo and with messages telling users to comply with Know Your Customer (KYC) regulations and how to check their wallets.

However, Halborn also noted that there were several red flags in the letter. Spelling errors and a fake email address were some of the most obvious. Furthermore, a fake domain called metamaks.auction was used to send the scam emails.

Phishing attacks are social engineering attacks that use targeted emails to lure victims into revealing more personal data or clicking links to malicious websites that try to steal encryption.

The company indicated there was no customization in the message, which is another warning sign. Hovering over the call-to-action button exposes the malicious link to a fake website that prompts users to enter their initial phrase before redirecting to MetaMask to empty their encrypted wallets.

Halborn, which raised $90 million in a Series A round in July, was founded in 2019 by an ethical hacker providing blockchain and cybersecurity services.

In June, Halborn researchers discovered a case in which a user’s private keys could be found unencrypted on a disk in a compromised computer. MetaMask patched its extension versions 10.11.3 and later after the discovery.

However, there was no mention of the new email phishing threat on Twitter’s MetaMask feed at the time of writing.

Related: Phishing risk escalates with confirmation of the degree of leakage of customer emails

Last week, Celsius users were warned of the phishing risk after customer emails were leaked by a third-party vendor employee.

In late July, security researchers warned that a new strain of malware called Luca Stealer was emerging in the wild. The information thief is written in the Rust programming language and targets Web3 infrastructure such as crypto wallets. Similar malware called Mars Stealer targeting MetaMask wallets was discovered in February.