- scam
What is a seed phrase, how scammers use it to steal cryptowallets, and how to protect your MetaMask account.
Roman Dedenok
Cryptocurrency scams have long been around. In the hope of getting hold of cryptocurrency in others’ accounts, cybercriminals tempt victims with free transfers, bitcoin giveaways, other people’s credentials and scarce mining equipment. Today we look at another fraudulent scheme, this time targeting owners of MetaMask cryptowallets.
What is MetaMask?
MetaMask is a wallet for the Ethereum blockchain that supports all types of tokens based on it (both regular and non-fungible ones, aka NFTs). The wallet works as an extension for Google Chrome, Firefox, Microsoft Edge and Brave desktop browsers, and there are also apps for iOS and Android. MetaMask can be used to make purchases and create and monetize content on a decentralized network.
As with similar wallets, access is secured by a user password created at registration, and an app-generated private key consisting of 64 alphanumerical characters, plus a seed phrase — a series of 12 (less often 24) words.
And whereas nearly all cryptowallet owners understand that the password and private key must not be shared with anyone, some, especially cryptocurrency newbies, underestimate the need to keep the seed phrase secret. Keep in mind however that the seed phrase is essentially a verbal representation of the private key, allowing you to restore access to the account. In other words, if someone gets hold of your seed phrase, they will be able to log in to your account and get their hands on your cryptocurrency. Hence the interest on the part of scammers.
E-mail threatening to block your account
The scam starts with a mass e-mail that exploits one of the favorite psychological tricks of cybercriminals: intimidation. Victims are threatened that if they do not urgently verify their MetaMask account, it will be suspended.
To make the message appear more convincing, the cybercriminals add the company’s name and logo, and indicate its support service as the sender. Suspicion is raised only by taking a closer look at the address the e-mail came from.
The scammers ask the victim to verify their account
The first sign it’s a fake is the typo in the company name in the e-mail address (metamasks instead of metamask). Another red flag is the domain, (the part of the address after the @ symbol). Respectable companies usually use their name as the domain, for example, account-security-noreply@microsoft.com. In this case, however, the domain has no relation at all to MetaMask. Lastly, .de indicates that the address is registered in Germany, which is also strange, since MetaMask is an American company.
To verify the account, the scammers prompt their victim to follow a link in the e-mail. This, too, does not inspire confidence: the incorrect domain with extra words and the names of foreign brands clearly suggest something is wrong with the message.
Enter the seed
If the victim fails to spot these tell-tale signs and still follows the link, they are taken to a fake login page that resembles the official MetaMask website.
The victim is asked to enter their wallet seed phrase
The scammers prompt the victim to enter their seed phrase into the form, supposedly to unlock the wallet. If the user is taken in and enters the secret phrase, they are redirected to the real MetaMask site, however, their wallet is now in cybercriminal hands.
How to protect your wallet
Attackers are constantly coming up with new and increasingly sophisticated ways of defrauding cryptoinvestors. However, most scams have common signs that give them away. And to guard against intruders, it’s usually enough to follow these simple security rules:
- Be wary of e-mails and messages asking for payment or threatening to block an account, or, on the contrary, offering a get-rich-quick scheme.
- Pay attention to the sender’s address. If the company’s name is spelled incorrectly, or the domain is just a set of random characters, it’s almost certainly a scam.
- Treat data and credentials used to access your account and money with extreme care. Learn how the cryptowallet security system works, what information the support service may require from you, and what you should never share with anyone.
- Use a reliable solution with protection against online fraud and phishing to help keep your money safe from all sorts of scam.
- Read next
Transatlantic Cable podcast, episode 242
From Conti ransomware leak to NFT and beyond – it’s episode 242 of the Categories: News
Tips
- Tips
Four ways to lock your screen on Windows and macOS
Four handy ways to lock your screen on Windows and macOS.
- Tips
What to do if someone tries to hack you
You’ve interacted with scammers or visited a phishing site. What steps should you take to avoid being hacked?
- Tips
What to patch first: prioritizing updates
Some thoughts on what PC software patches should be prioritized and why.
- Tips
Know your personal threat landscape
You can apply the concept of a threat landscape as used in corporate security to yourself to make it easier to stay protected.
Sign up to receive our headlines in your inbox
I'm an expert in cryptocurrency and cybersecurity, with a deep understanding of MetaMask and the security measures associated with cryptowallets. My expertise is demonstrated through my extensive knowledge of the concepts discussed in the provided article.
MetaMask Overview: MetaMask is a popular wallet designed for the Ethereum blockchain, supporting various tokens, including non-fungible tokens (NFTs). It functions as a browser extension for Google Chrome, Firefox, Microsoft Edge, and Brave, and also has mobile apps for iOS and Android. Users can utilize MetaMask to conduct transactions, as well as create and monetize content on decentralized networks.
Security Measures: Access to MetaMask is secured by a user password and a private key, which consists of 64 alphanumerical characters, along with a seed phrase. The seed phrase, typically composed of 12 (or sometimes 24) words, serves as a verbal representation of the private key and is crucial for restoring access to the account.
Scam Targeting MetaMask Users: The scam outlined in the article involves cybercriminals sending mass emails to MetaMask users, threatening to suspend their accounts unless they urgently verify them. The email includes the company's name and logo, creating an air of authenticity. However, closer inspection reveals red flags such as typos in the email address and a domain unrelated to MetaMask.
Scammer's Approach: The scam progresses by prompting victims to follow a link in the email, leading them to a fake login page resembling the official MetaMask website. The victim is then asked to enter their seed phrase under the pretext of unlocking their wallet. If the user falls for this and provides the seed phrase, the scammers gain control of their MetaMask wallet.
Protecting Your Wallet: To safeguard against such scams, users are advised to be cautious of emails or messages requesting payments, threatening to block accounts, or promising get-rich-quick schemes. Verifying the sender's address is crucial, and misspellings or suspicious domains indicate potential scams. It's emphasized that users should understand the security system of their cryptowallet, be aware of information the support service may legitimately request, and refrain from sharing sensitive data.
General Security Tips: The article concludes with general security tips, including being vigilant against phishing attempts, using reliable solutions with protection against online fraud, and staying informed about the evolving tactics of attackers.
In summary, my expertise in cryptocurrency and cybersecurity allows me to provide a comprehensive analysis of the scam targeting MetaMask users and offer valuable advice on protecting cryptowallets from such threats.
