todayonchain.com

Hundreds of MetaMask wallets drained: What to check before you ‘update’

CryptoSlate
Hundreds of MetaMask wallets were drained following a phishing campaign disguised as a mandatory update email, highlighting endpoint security risks.

Summary

Security researcher ZachXBT reported hundreds of EVM chain wallets being drained for small amounts, totaling over $107,000, linked to a phishing email disguised as a mandatory MetaMask upgrade, capitalizing on the New Year holiday period. The attack likely exploited contract approvals, allowing ongoing theft across multiple chains without immediately triggering alarms. The phishing email used legitimate branding elements, like the party-hat fox logo, but came from an illegitimate sender, "MetaLiveChain." Experts warn users to check for brand-sender mismatches, manufactured urgency, suspicious destination URLs, and any requests violating core wallet rules, such as asking for Secret Recovery Phrases. Once compromised, users should immediately revoke token allowances using tools like MetaMask Portfolio or Revoke.cash. If a Secret Recovery Phrase is exposed, the wallet must be abandoned entirely. The incident underscores that user endpoints remain the weakest link in self-custody, emphasizing the need for defense-in-depth strategies like wallet segregation (hot, warm, cold storage) and routine approval revocation, as education alone is insufficient against evolving threats.
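The approval-based persistence and the revocation step described above, as an added example that is not from the article or from MetaMask: it replays constructed ERC-20 Approval logs for one owner, keeps the last allowance per (token, spender), and ABI-encodes the approve(spender, 0) call that a revocation tool submits. All addresses and logs are constructed placeholders; the event topic and function selector are the standard ERC-20 values.

```python
# keccak256("Approval(address,address,uint256)"): topic0 of every ERC-20 Approval log
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
# first 4 bytes of keccak256("approve(address,uint256)")
APPROVE_SELECTOR = "095ea7b3"
MAX_UINT = 2**256 - 1

def topic_to_address(topic: str) -> str:
    """Indexed address topics are left-padded to 32 bytes; keep the low 20."""
    return "0x" + topic[-40:].lower()

def word(addr_or_int) -> str:
    """ABI-encode an address or uint256 as one 32-byte hex word (no 0x)."""
    h = addr_or_int[2:] if isinstance(addr_or_int, str) else format(addr_or_int, "x")
    return h.lower().rjust(64, "0")

def live_allowances(logs, owner):
    """Replay Approval logs in chain order; the last Approval per (token, spender) wins."""
    latest = {}
    for log in sorted(logs, key=lambda l: (l["blockNumber"], l["logIndex"])):
        t = log["topics"]
        # ERC-721 reuses the Approval name with 4 topics; skip anything that is not ERC-20
        if len(t) != 3 or t[0] != APPROVAL_TOPIC or topic_to_address(t[1]) != owner.lower():
            continue
        latest[(log["address"].lower(), topic_to_address(t[2]))] = int(log["data"], 16)
    return {k: v for k, v in latest.items() if v > 0}

def revoke_calldata(spender: str) -> str:
    """Calldata for approve(spender, 0): selector + address word + zero amount word."""
    return "0x" + APPROVE_SELECTOR + word(spender) + word(0)

def plan_revocations(logs, owner, trusted=()):
    """Every non-zero allowance to a spender outside the trusted set gets a revoke call."""
    trusted = {t.lower() for t in trusted}
    return [{"token": tok, "spender": sp, "allowance": amt, "calldata": revoke_calldata(sp)}
            for (tok, sp), amt in live_allowances(logs, owner).items() if sp not in trusted]

# Constructed placeholders, not real addresses or on-chain data
OWNER, TOKEN = "0x" + "11" * 20, "0x" + "22" * 20
ROUTER, DRAINER = "0x" + "33" * 20, "0x" + "44" * 20

def approval_log(block, index, spender, amount):
    return {"address": TOKEN, "blockNumber": block, "logIndex": index,
            "topics": [APPROVAL_TOPIC, "0x" + word(OWNER), "0x" + word(spender)],
            "data": "0x" + word(amount)}

SAMPLE_LOGS = [
    approval_log(100, 0, ROUTER, 1000),       # normal DEX approval
    approval_log(200, 3, DRAINER, MAX_UINT),  # unlimited approval signed on the phishing page
    approval_log(201, 0, ROUTER, 500),        # later re-approval supersedes the first
]
```

Running plan_revocations(SAMPLE_LOGS, OWNER, trusted=(ROUTER,)) leaves only the unlimited allowance to the drainer, with the calldata that sets it back to zero; without a trusted set the router allowance of 500 is listed too.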

(Source: CryptoSlate)