Key Highlights
- A new MetaMask phishing scam tricks users with fake 2FA screens, aiming to steal seed phrases and drain wallets instantly.
- Crypto phishing and social engineering remain top threats—scammers impersonate wallets, exchanges, or support to steal funds.
- Physical attacks like wrench scams are rising; using hardware wallets, multisig accounts, and safeguarding keys is essential.
Crypto users are under attack from a new MetaMask phishing scam targeting wallet seed phrases. According to SlowMist’s Chief Security Officer (CSO) im23pds, scammers are copying MetaMask security alerts to trick users into fake two-factor authentication (2FA) steps.
The scam begins with a forged security warning and ends with prompting victims to enter their wallet recovery phrases. The hackers’ goal is simple: drain wallets instantly and leave users with no recourse.
The phishing pattern involves a number of steps. Users are introduced to a fake security alert page that looks like MetaMask. Later, a fake 2FA page is displayed. In most cases, a timer is used alongside. Users are asked to provide seed phrases. They are told this will secure their accounts.
Once users submit the phrases, attackers gain full access, emptying the wallets in seconds. Social media posts have flagged the danger. An X user, SECUR3, reported a victim losing $50,000 in just 10 seconds after clicking a fake “MetaMask urgent update” link.
Phishing attacks on crypto platforms
Phishing attacks are the leading source of crypto losses. In the view of SECUR3, scammers pretend to represent a crypto wallet, exchange, or project in order to dupe victims into handing over their private keys. The scam may involve a misleading airdrop URL in a direct message or near-perfect scam websites.
For instance, scammers may develop sites such as “metamask-io[.]com” to resemble legitimate sites. SECUR3 pointed out, “Enter seed phrase to fix/sync/claim” is always a scam. No legit wallet will ask for such information.
Besides digital phishing, social engineering attacks have also surged. In a recent research, on-chain sleuth ZachXBT identified a Canadian threat actor impersonating Coinbase support. Over the past year, this scam reportedly stole more than $2 million. Attackers used phone calls and fake conversations to persuade victims to approve unauthorized transactions.
In a similar kind of attack, in July 2023, Yazan described a scam in which X users lost $70,000 to the imitation accounts of MetaMask bots. These examples demonstrate the need to be cautious online.
Physical threats and wrench attacks
These dangers extend well past web scams. Wrench attacks, whereby robbers physically intimidate people to steal their crypto, have started to increase across Europe, Asia, as well as the U.S. An example is the recent November 2025 attack on a citizen of San Francisco, where the thief masqueraded as a delivery driver to steal Ethereum worth $11 million.
Duct tape, assault, and loudspeaker intimidation were the methods that the criminal resorted to for access to the wallets. Two months ago, two brothers from Texas were also charged by the federal authorities with kidnapping and stealing $8 million of cryptocurrency.
Also Read: PeerDAS & ZKEVMs Mark Structural Changes in Ethereum, Says Vitalik