Sophisticated Phishing Attack Targets MetaMask Users Through Fake 2FA Security Alerts
A sophisticated phishing scam is targeting MetaMask users with fake 2FA alerts to steal their wallet recovery phrases.Summary
A new, highly sophisticated phishing campaign is actively targeting MetaMask users by sending emails that appear to be from MetaMask Support, claiming mandatory two-factor authentication (2FA) is required. These emails use professional branding and direct users to lookalike domains that closely mimic the official site. Once on the fake site, victims are tricked into entering their seed phrase under the guise of completing the 2FA verification process. Obtaining a seed phrase grants attackers full control over the wallet, allowing them to transfer funds without needing passwords or other security measures. This tactic exploits the perceived security of 2FA, even as overall crypto phishing losses reportedly dropped significantly in 2025. Security experts emphasize that users must never share their seed phrases, as attackers are re-emerging with market activity.
(Source:BeInCrypto)