Cybersecurity Firm Halborn Warns of New Active MetaMask Phishing Campaign

By:

Updated: Aug 1, 2022, 10:57 UTC

A technical education specialist at Halborn has issued a new warning about a scam email targeting MetaMask users

Key Insights:

The new phishing campaign is focused on passphrases and features a MetaMask header and logo.
The company has encouraged users to spot red flags in emails such as spelling errors.
Halborn researchers recently disclosed a wallet vulnerability that affected a segment of users across many browser-based wallets.

Halborn, a cybersecurity company that protects blockchain organisations from online attacks, has raised the alarm about a new phishing campaign that is targeting users of the popular crypto wallet MetaMask.

Although there are a myriad of phishing techniques that scammers use, this one in particular relies on passphrases.

Active Phishing Campaign

According to Halborn, which has worked with over 150 blockchain organisations including THORChain (RUNE) and Avalanche (AVAX), the scam email that is circulating features a fraudulent MetaMask header and logo.

The email purports to be from MetaMask and directs users to a clickable button with a time-sensitive “verify your wallet” prompt. The subject line references an open support ticket and asks users to comply with Know Your Customer (KYC) guidelines.

KYC compliance is a standard in the industry referring to the mandatory collection and use of information about a customer beyond just obtaining basic evidence of identity. The procedure is critical in verifying a customer’s risk and financial profile in accordance with Anti-Money Laundering (AML) laws.

In addition, the phishing campaign includes a fake domain called metamaks.auction. Users who open other properties of the email will notice that the server used to deliver the message (unicarpentry.onmicrosoft.com) is not related to the real service.

Warning

Halborn has encouraged users to spot red flags in emails such as spelling errors and a lack of personalisation – both of which are prevalent in these emails. For example, the blockchain security firm notes that if this was indeed a real email from a financial institution or a well-known crypto wallet service like MetaMask, the email will contain the real name of the recipient, some other ID information, and more clear instructions.

The company added that users should avoid clicking on any button or link that they receive by email, SMS or WhatsApp and to always verify the URL by moving a pointer over the button or link before clicking on it.

In June, Halborn researchers disclosed a wallet vulnerability that affected a segment of users across many browser-based wallets, including MetaMask. More specifically, they brought to light a case where a user’s private keys could be found unencrypted on a disk in a compromised computer.

In response, MetaMask, which boasts over 30 million monthly active users as of March this year, implemented mitigations for these issues and patched its extension versions 10.11.3.

Last week, crypto lender Celsius announced that some of its customer information had been leaked in a third-party data breach. According to the company, the list of client email addresses was leaked by an engineer at the Customer.io messaging platform.

About the Author

Mohadesa Najumiauthor

Mohadesa Najumi is a British writer who has worked within crypto, forex, financial technology, and the stock market industry. Mohadesa received her MSc in Political Science and International Relations at the University of Amsterdam.