CipherTrace warns of surge in funds lost to MetaMask phishers

Cyber Security firm CipherTrace has issued a warning after noting a surge in reports over the past 24 hours of users funds being stolen by a malicious Chrome browser extension posing as popular crypto wallet MetaMask.

The warning was issued under the headline “ALERT: Malicious Crypto Browser Extension—Masked MetaMask” and reported the company had seen “an uptick of alerts and comments within the online cryptocurrency community of users’ funds being stolen.”

In response to online criticism that MetaMask is not doing enough to steer its users away from potentially harmful websites and downloads, MetaMask’s Chief Product Officer Jacob Cantele asked Twitter what more the company should do?

“How can we improve? Currently we’re warning in multiple places within the product, we maintain a phishing detector that warns about tens of thousands of malicious sites, we do regular security marketing campaigns, and we have legal resources to trying to get these sites removed.”

Links to fake MetaMask sites are being inadvertently reposted by cryptocurrency projects and reportedly show up frequently as Google Ads above the first result in Google searches for the term “metamask.”

The scam works like this: After arriving at a phishing website that looks just like the real MetaMask site or downloading a malicious browser extension, users are directed to enter their 12 word seed to connect their wallet. The seed is captured by the phisher and the wallet drained of funds.

MetaMask stated that the best way to avoid being phished is to download the software only from its official site, or from inside the Google Chrome store, but never by clicking links on other websites.

For those who already have the MetaMask Chrome extension installed, MetaMask will display a warning in bright red if a user attempts to visit a website previously reported as a phishing site.

MetaMask users who are unsure if a website has been reported as malicious are encouraged to visit CryptoScamDB and enter the website URL or IP address where it will be cross-referenced against a database of reported scam and phishing websites.

In October, MetaMask announced that it had surpassed one million active users on a monthly basis, largely thanks to the acceleration of the DeFi trend over the summer and fall. Rising Ether prices and a large user base suggest this type of phishing attack won’t be going away anytime soon.