Cyber security company CipherTrace issued a warning after seeing a surge in reports over the past 24 hours that user funds were stolen by a malicious Chrome browser extension masquerading as the popular MetaMask crypto wallet.
The warning was headed “ALERT: Malicious Crypto Browser Extension – Masked MetaMask” and reported that the company had seen “an increase in warnings and comments within the online cryptocurrency community of stolen user funds.”
In response to online criticism that MetaMask is not doing enough to discourage users from potentially harmful websites and downloads, Jacob Cantele, MetaMask’s chief product officer, asked Twitter what else the company should do.
“How can we improve? Currently we have multiple warnings in the product, we have a phishing detector that warns of tens of thousands of malicious websites, we run regular security marketing campaigns, and we have legal resources to try to remove those websites . “
Links to fake MetaMask websites are accidentally republished by cryptocurrency projects and are reported to often appear as Google ads above the first result of Google searches for the term “Metamask”.
Phishing warning? @Google enables a phisher to buy sponsored ads in their search results. When using crypto, try to use direct links. If you need to use search, watch out for sponsored links! pic.twitter.com/Fx4WArcH80
– MetaMask (@metamask_io) December 2, 2020
The scam works like this: after users visit a phishing website that looks exactly like the real MetaMask website or download a malicious browser extension, they are instructed to enter their starting 12-word value to link their wallet . The seeds are caught by the phisher and the purse emptied.
A friend of mine emptied his account. He googled “Metamask” and clicked the first link (ad) that came up, prompting him to download the fake Metamask plugin. Once he installed it, everything was cleared from his account. Share Retweet! pic.twitter.com/OO9tkq1N6k
– Value Trader (@AbizMind) November 29, 2020
MetaMask stated that the best way to avoid phishing is to only download the software from the official website or the Google Chrome Store, but never by clicking links on other websites.
For those who already have the MetaMask Chrome Extension installed, MetaMask will display a bright red warning when a user tries to visit a website that was previously reported as a phishing site.
MetaMask users who are unsure whether a website has been reported as malicious are prompted to visit CryptoScamDB and enter the website URL or IP address that references a database of reported scam and phishing websites .
In October, MetaMask announced that it had exceeded one million active users per month, largely due to the acceleration in the DeFi trend over the summer and fall. Rising ether prices and a large user base suggest that this type of phishing attack is not going to go away anytime soon.