Fake MetaMask 2FA security checks lure users into sharing recovery phrases

According to SlowMist, attackers are impersonating MetaMask, aiming to steal users’ secret recovery phrases.

Crypto investors are being targeted by a new phishing campaign that impersonates MetaMask and tricks users into handing over their wallet recovery phrases, according to the blockchain security firm SlowMist.

The attackers are impersonating a two-factor authentication (2FA) security verification flow, which redirects users to fraudulent domains through fake security warnings that request users’ seed phrases.

When a user shares a wallet recovery phrase, the funds from the wallet are stolen, warned SlowMist's chief security officer, 23pds, in a Monday X post.

Read more