MetaMask Users Under Attack: Fake 2FA Scam Draining Wallets in Seconds
Summary
MetaMask users are currently being targeted by a sophisticated two-factor authentication (2FA) scam that leads to rapid wallet draining. The attack, flagged by SlowMist, involves phishing emails or social media links directing victims to fake websites that closely mimic official MetaMask interfaces, often using typosquatting in the domain name. These sites create a false sense of urgency, sometimes using countdown timers, to pressure users into entering their 12- or 24-word seed phrases under the guise of "2FA verification." Once submitted, attackers gain immediate control and can drain all assets. MetaMask itself is not vulnerable; the exploit relies entirely on social engineering. To avoid this, users must never share their seed phrase, manually type URLs instead of clicking links, and be suspicious of any unsolicited communication demanding immediate security action.
(Source: CCN)
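A mail or web filter can catch the typosquatted domains described above before a user ever sees the fake "2FA verification" page. The following is an added example, not code from SlowMist or MetaMask: it assumes `metamask.io` is the official domain (the article does not state it), approximates the registrable domain as the last two labels instead of consulting a public suffix list, handles ASCII hostnames only, and uses constructed sample URLs.

```python
from urllib.parse import urlsplit

OFFICIAL = "metamask.io"   # assumption: official domain, not stated in the article
BRAND = "metamask"

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # deletion
                           cur[j - 1] + 1,              # insertion
                           prev[j - 1] + (ca != cb)))   # substitution
        prev = cur
    return prev[-1]

def classify(url):
    """Return 'official', 'lookalike' or 'unrelated' for the host in a link."""
    if "//" not in url:                 # bare "host/path" as pasted from an email
        url = "//" + url
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    # Require the dot so that "notmetamask.io" does not pass as a subdomain.
    if host == OFFICIAL or host.endswith("." + OFFICIAL):
        return "official"
    squashed = host.replace("-", "").replace(".", "")
    registrable = ".".join(host.split(".")[-2:])   # simplification: no suffix list
    # Brand name embedded in another host, or a near miss of the real domain.
    if BRAND in squashed or edit_distance(registrable, OFFICIAL) <= 2:
        return "lookalike"
    return "unrelated"

# Constructed sample links, not taken from the reported campaign.
SAMPLES = [
    "https://metamask.io/download",
    "https://portfolio.metamask.io/",
    "https://metarnask.io/2fa",                # "rn" standing in for "m"
    "https://metamask.io.verify-2fa.example/", # real name used as a subdomain
    "notmetamask.io/secure",
    "https://news.example/article",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(f"{classify(link):10} {link}")
```

A `lookalike` verdict is a reason to block or quarantine the link, while `unrelated` only means the hostname does not imitate the brand, not that the page is safe.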