A new type of scam has come to light where tricksters are using manipulated links in legitimate government websites to trap MetaMask users. The swindlers create a false portal that closely mimics the official MetaMask site, essentially gaining control of a user's assets once they connect their wallets.
Instead, it's a global trap. Government websites in countries like India, Brazil, Egypt, Colombia, Nigeria, and Vietnam have been detected as leading users of these fraudulent MetaMask pages.
To understand how a scam occurs, a user might click on a seemingly harmless link while browsing one of these government websites. Instead of leading to "MetaMask.io," the authentic URL, the user is directed to an imitation site. If a user is using Microsoft Defender, the software will flag this as a potential phishing scam. However, if the warning is dismissed, users find themselves on a site nearly identical to the real MetaMask platform. At this point, they are prompted to connect their wallets to use different services. Once done, scammers gain total control over their MetaMask assets.
The striking resemblance between the bogus and real MetaMask websites is a key reason people fall for this scam. In April, MetaMask rejected reports of a security flaw that allegedly led to a loss of over 5,000 ETH. The company clarified that the loss spanned multiple addresses across 11 different blockchains, and MetaMask was not to blame.
Ohm Shah, the co-founder of Wallet Guard, said that MetaMask's research team is working around the clock to figure out how this happened. According to Shah, there is still "no definitive explanation" for the mechanism behind these scams.
MetaMask users should be wary of any unexpected prompts to link their wallets and should double-check URLs to ensure they are on the genuine MetaMask site.
Comment 0