MetaMask 2FA Fraud Emerges as Phishing Losses Fall 83% in 2025
Crypto investors are being targeted by a new phishing campaign impersonating MetaMask and tricking users into handing over their wallet passphrases, according to blockchain security firm SlowMist.
The attackers imitate a two-factor authentication (2FA) security verification flow, redirecting users to fraudulent domains that display false security warnings and ask for the user's recovery phrase.
Once a user shares a wallet recovery phrase, funds from the wallet are stolen, SlowMist chief security officer 23pds warned in a Monday X post.
This new wave of scams is a reminder that decentralized wallet protocols never ask users for their secret recovery phrase, which allows anyone who holds it to control the wallet.
The phishing email redirects users to fake domains impersonating MetaMask, prompting them to enable 2FA within a short period of time or potentially lose access to key wallet features.
The final stage of the scamming process requires users to enter a 12-word seed phrase to complete a “security setup”.

Crypto phishing scams involve hackers sending fraudulent communications to victims to steal sensitive information such as crypto wallet private keys.
Phishing scams have long been an issue in the cryptocurrency space, but the declining number of incidents shows that investors are getting wise to this threat.
Phishing scam losses fell 83 percent in 2025
Losses to phishing scams dropped 83 percent, from $494 million in 2024 to $83.3 million in 2025, according to a report published on Saturday by Web3 security tool Scam Sniffer.
The number of victims of phishing scams has decreased by 68 percent year-over-year, from 332,000 victims in 2024 to 106,000 in 2025.

Still, losses from phishing attacks peaked in the third quarter of the year, the market's most active period, indicating that phishing losses are closely tied to market activity.
“When markets are active, overall user activity increases, and a percentage fall victim: phishing works as a probabilistic function of user activity,” Scam Sniffer wrote in the report.
Phishing scammers often impersonate well-known brands to instill trust in their victims.
MetaMask is the world's leading self-custodial wallet, with more than 100 million annual users and 244,000 decentralized applications, according to its parent company Consensys.



