A sophisticated new phishing campaign is targeting MetaMask users, tricking them into revealing their secret recovery phrases through bogus two-factor authentication (2FA) security checks. Blockchain security firm SlowMist has raised the alarm, warning that scammers are impersonating MetaMask to drain crypto wallets in seconds.
How the Scam Operates
The attack often starts with unsolicited emails mimicking official MetaMask communications, complete with branding and urgent warnings about enabling 2FA to avoid losing wallet access. These emails direct users to fraudulent websites that closely resemble MetaMask’s interface, featuring countdown timers and fake security alerts to create panic. Victims are guided through a seemingly legitimate verification process—until the final step demands their 12- or 24-word seed phrase to “complete” the setup.
Once entered, attackers gain full control of the wallet, swiftly transferring out funds. SlowMist’s chief security officer, known as 23pds, emphasized on X: sharing the recovery phrase means instant theft, as it’s the master key to any non-custodial wallet.
Key Warnings for Crypto Users
Experts stress that legitimate decentralized wallets like MetaMask never request your secret recovery phrase—ever. Official communications won’t come via random emails demanding urgent action, and 2FA setups don’t involve seed phrases. MetaMask’s support guidelines confirm they avoid unsolicited contacts and urge users to verify URLs manually, avoiding clicked links.
Broader Phishing Trends in Crypto
Despite this emerging threat, 2025 saw phishing attacks plummet 83% year-over-year, with losses dropping to $83.3 million from $494 million, per Scam Sniffer. Victim numbers fell 68% to 106,000. However, incidents spiked in Q3 amid bull market activity, showing scams thrive on heightened user engagement.
With MetaMask boasting over 100 million users and connections to thousands of dApps, it’s a prime target. As markets heat up in early 2026, vigilance is crucial—always double-check sources and protect your seed phrase like the keys to your fortune.