MetaMask representatives informed users in their official Twitter account that their development team had discovered scam-bots who are trying to steal their unique passphrases.
Attackers are trying to redirect Ethereum purse users to a site that allegedly belongs to the MetaMask help service. But the strangest thing is that wallet clients are offered to indicate their passphrase in a special Google Docs document in order to restore access to MetaMask.
The developers themselves were quick to announce that they have never worked and do not intend to work through Google documents. Instead, they strongly recommend that users of the cryptowallet click on the “Get Help” button inside the MetaMask app itself in cases where they have problems. This is the most reliable way to avoid data leakage. In addition, it is not entirely clear why some people try to get information from support in unverified sources, instead of writing to the official service.
Apparently, MetaMask sounded the phishing alarm for a reason, since users have already started contacting the application developers with a request to return the tokens stolen by cybercriminals. This is not surprising given the popularity of the purse though. The team noted that monthly active users have quadrupled in just six months, reaching 5 million.
Be careful, as MetaMask wallet phishing affects not only newbies but also experienced members of the community. So, for example, a hacker got around the head of Nexus Mutual, stealing 370,000 NXM tokens worth about 8 million from him. Ledger users are also constantly faced with hacked MetaMask wallets. One of them led to the leakage of personal data of clients, including e-mail, their phone numbers, and even home addresses.