MetaMask Users Targeted in New 2FA Seed Phrase Phishing Scam

2 mins mins

In Brief

Phishing emails urge users to “enable 2FA,” redirecting them to fake MetaMask sites.
Victims are tricked into entering wallet seed phrases, giving scammers full access.
Security firms warn losses are rising and remind users MetaMask never asks for phrases.

A new phishing scam is actively targeting MetaMask users through fake two-factor authentication (2FA) alerts sent by email. These emails falsely claim that users must activate 2FA by a deadline to keep their wallet access secure.

Scammers use this tactic to trick users into entering their wallet seed phrases on a fake MetaMask-like website. The phishing messages contain official branding and encourage urgency with countdowns and security warnings.

Clicking the email link redirects victims to a typosquatted domain closely resembling MetaMask’s official site. The fake website mimics the MetaMask interface and uses fake security confirmations to appear legitimate.

The final step prompts users to input their 12- or 24-word seed phrase under the pretense of completing verification. Once entered, attackers instantly gain full access to the wallet and can transfer all funds to their own accounts.

The entire process is designed to create trust and rush users into action without double-checking the source.

Security Firms Warn as Losses Mount and Users Fall Victim

Cybersecurity firm SlowMist first flagged the scam on January 5, warning users to avoid entering sensitive data on suspicious sites. The firm confirmed that attackers used realistic phishing sites and fake 2FA interfaces to collect wallet credentials.

Many victims received emails titled “Secure Your Wallet with 2FA” or “Enable 2FA Now,” which misled them into compliance. Early reports suggest the scam has already drained hundreds of wallets, often stealing amounts between $500 and $2,000.

Stolen funds are quickly transferred to attacker-controlled addresses, making recovery nearly impossible for most users. Although MetaMask remains secure, the scam exploits human error and trust in security procedures.

MetaMask has urged users to verify links and avoid entering seed phrases on any site or via unsolicited emails. The company reminded users that it never asks for seed phrases and doesn’t initiate emails about 2FA or security updates.

DISCLAIMER: The information on this website is provided as general market commentary and does not constitute investment advice. We encourage you to do your own research before investing.