Crypto scams targeting MetaMask users are using government-owned website URLs to con victims and access their crypto wallet holdings.
Ethereum-based crypto wallet MetaMask has been a long-standing target for scammers, who redirect unwary users to fabricated websites that request access to their MetaMask wallets. Cointelegraph’s investigation on the matter found numerous government-owned websites being used to perpetrate this exact scam.
Official government websites from India, Nigeria, Egypt, Colombia, Brazil, Vietnam and other jurisdictions have been found redirecting to fake MetaMask websites, as shown below.
Cointelegraph alerted MetaMask about the ongoing scams and had not heard back at the time of writing.
Once a user clicks on any of the rogue links placed within the government website URLs, they are redirected to a fake URL, instead of the original URL “MetaMask.io”. Once accessed, Microsoft’s built-in security — Microsoft Defender — warns users about a possible phishing attempt.
If a user decides to ignore the warning, they are then greeted by a website that closely resembles the official MetaMask website. The fake websites will eventually ask the users to link their MetaMask wallets to access various services on the platform.
The above screenshot shows the similarity between the real and fake MetaMask websites, which is one of the main reasons investors fall for such common scams. Linking MetaMask wallets on such websites gives scammers complete control over the assets held in those particular MetaMask wallets.
In April, MetaMask denied claims of an exploit that potentially drained over 5,000 Ether (ETH).
Recent reporting on @tayvano_’s thread has incorrectly claimed that a massive wallet draining operation is a result of a MetaMask exploit.
This is incorrect. This is not a MetaMask-specific exploit. https://t.co/MiJ3QgslMy
— MetaMask (@MetaMask) April 18, 2023
The wallet provider said the 5,000 ETH was stolen “from various addresses across 11 blockchains,” reaffirming that the claim that funds were hacked from MetaMask “is incorrect.”
Speaking to Cointelegraph, Wallet Guard co-founder Ohm Shah said the MetaMask team has been “researching tirelessly,” and there is “no solid answer to how this has happened.”