Cyber Security company CipherTrace has one warning after seeing an increase in the number of reports in the last 24 hours that user funds were stolen by a malicious Chrome browser extension posing as popular crypto wallet MetaMask.
The warning was released under the heading “ALERT: Malicious Crypto Browser Extension – Masked MetaMask” and reported that the company had “seen an increase in warnings and comments within the online cryptocurrency community that users’ money was being stolen.”
In response to online criticism that MetaMask is not doing enough to divert its users away from potentially harmful websites and downloads, said Jacob Cantele, MetaMask’s Chief Product Officer asked Twitter what else should the company do?
“How can we improve? Currently we have warnings in multiple places within the product, we maintain a phishing detector that warns about tens of thousands of malicious sites, we run regular security marketing campaigns and we have legal means to try to remove these sites.”
Links to fake MetaMask sites are inadvertently reposted by cryptocurrency projects and reportedly appear regularly when Google Ads searches for the term “ metamask ” above the first result in Google.
Phishing Warning? @Google allows a phisher to purchase sponsored ads in their search results. If you use crypto, try to use direct links, and if you need to search, beware of sponsored links! pic.twitter.com/Fx4WArcH80
– MetaMask (@metamask_io) December 2, 2020
The scam works like this: After arriving at a phishing website which looks just like the real MetaMask site or downloads a malicious browser extension, users are prompted to enter their 12 word seed to connect their wallet. The seed is caught by the phisher and the wallet is emptied.
A friend of mine had his account emptied. He googled “metamask”, clicked on the first link (ad) that came up and asked him to download the fake metamask plugin. Once he installed it, everything from his account was cleared. Share Retweet! pic.twitter.com/OO9tkq1N6k
– Value Trader (@AbizMind) November 29, 2020
MetaMask stated that the best way to avoid phishing is to download the software only from the official site or from the Google Chrome store, but never by clicking on links on other websites.
For those who have already installed the MetaMask Chrome extension, MetaMask will display a warning in bright red if a user tries to visit a website that has previously been reported as a phishing site.
MetaMask users who are unsure whether a website has been reported as malicious are encouraged to visit it CryptoScamDB and enter the website URL or IP address where it will be compared against a database of reported scam and phishing websites.
In October, MetaMask announced that it had surpassed a million active users monthly, largely thanks to the acceleration of the DeFi trend in summer and fall. Rising Ether prices and a large user base suggest this type of phishing attack is not going to disappear anytime soon.