A surge in reports over the past 24 hours of user funds being stolen by a malicious Chrome browser extension posing as the popular crypto wallet MetaMask has prompted cybersecurity firm CipherTrace to issue a warning.
In the report, titled “ALERT: Malicious Crypto Browser Extension — Masked MetaMask,” the company said it had noted increased alerts and comments from the online cryptocurrency community about theft of user funds.
MetaMask Is Not Doing Enough
MetaMask is receiving criticism online because it is not doing enough to divert its users away from potentially harmful websites and downloads. MetaMask’s chief product officer Jacob Cantele asked on Twitter what more the company needs to do.
He stated that there are currently warnings in multiple places within the product. He claimed that they maintain a phishing detector that warns about tens of thousands of malicious sites. They run regular security marketing campaigns and have legal resources to try to get these sites removed. Even after all this, some loopholes still leave MetaMask open to question.
Cryptocurrency projects unintentionally post fake MetaMask sites on their blogs. It is also worth noting that these counterfeit sites show up frequently as Google Ads above the first result in Google searches for the wallet.
How the Scam Works
The phishing website looks like the real MetaMask website. There, a user can download a malicious browser extension and get phished. Users are instructed to enter their 12-word seed phrase to link their wallets. The phisher captures the seed, and the money is taken from the victim’s wallet.
A stolen password is valuable, but the attacker still needs access to the user’s encrypted private key. That barrier does not exist for the user’s seed phrase or unencrypted private key.
MetaMask states that the best way to avoid phishing is to download software from the official website or Google Chrome Store, never by clicking on a link on another website.
For those who have installed the MetaMask Chrome extension, the wallet will display a bright red warning when a user tries to visit a website that has previously been reported as phishing.
MetaMask users who are unsure whether a website is malicious are asked to visit CryptoScamDB and enter the website’s URL or IP address. They are then taken to the scam database of websites reported to be phishing.
In October, MetaMask announced that it had surpassed one million active users per month, primarily due to DeFi’s accelerating trend in the summer and fall. The rising price of ether (ETH) and a large consumer base suggest that this type of phishing attack is not going away any time soon.