Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124

A new phishing scam targeting MetaMask users is spreading, using a very realistic “2-Step Verification” flow to steal wallet recovery phrases.
The campaign highlights an increasing level of sophistication in social engineering tactics, even as reported losses from cryptocurrency phishing attacks decline sharply in 2025.
The chief security officer (CSO) of blockchain security company SlowMist highlighted the fraud in a recent post on X (formerly known as Twitter). This phishing scam uses several layers of deception to hack user wallets.
Victims receive emails that appear to be issued by MetaMask Support and announce a mandatory two-factor authentication requirement. The emails use professional branding, including the MetaMask fox logo and colors.
The post revealed that the attackers use domains that are very similar to the official domain. In the documented case, the fake domain differs by a single letter, making it difficult to distinguish at first glance.
Once users land on the phishing site, they are guided through what appears to be a legitimate security process. In the last stage, victims are asked to enter the seed phrase under the guise of completing a “2-step verification security check”.
This is the crucial point in the scam. The wallet's seed phrase (also called a recovery phrase or mnemonic phrase) is the master key to the wallet. Anyone with access to it can:
Once someone has a seed phrase, they have access to the wallet with no password, two-step verification, or device approval required. As a result, wallet providers constantly warn users not to share their seed phrases under any circumstances.
While two-factor authentication is intended to protect users, attackers are leveraging its reputation to deceive. This psychological strategy, combined with technical tricks and a sense of urgency, remains a powerful threat.
The scam comes after a wider slowdown in phishing-related losses. Data shows that cryptocurrency-related phishing losses declined sharply in 2025, falling by about 83% to about $84 million, compared to nearly $494 million the previous year.
“Phishing losses coincide closely with market activity. Q3 saw the strongest peak in ETH and the highest phishing loss ($31 million). When markets are active, user activity generally increases, and the proportion of people who are victims increases – and phishing acts as a probability function of user activity,” said the Scam Sniffer report.
With market activity showing the first signs of recovery in early 2026, including gains in meme coins and indication of an increase Share hash, attackers have also started to reappear. Therefore, increased awareness of phishing tactics and careful management of wallet credentials remain crucial.