Crypto traders are being focused by a brand new phishing marketing campaign that impersonates MetaMask and tips customers into handing over their pockets restoration phrases, in response to the blockchain safety agency SlowMist.
The attackers are impersonating a pretend two-factor authentication (2FA) safety verification circulation, which redirects customers to fraudulent domains by pretend safety warnings that request customers’ seed phrases.
As soon as customers share their pockets restoration phrase, the funds from the pockets are stolen, warned SlowMist’s chief safety officer, 23pds, in a Monday X submit.
The brand new wave of scams serves as a stark reminder that decentralized pockets protocols would by no means ask customers for his or her secret restoration phrase, which allows anybody to take management of the pockets.
Associated: Bitcoin investor loses retirement fund in AI-fueled romance rip-off
The phishing e-mail redirects customers to pretend domains impersonating MetaMask, urging them to allow 2FA inside a brief interval, claiming they might lose entry to key pockets options.
The ultimate step of the fraudulent course of asks customers for his or her 12-word seed phrase to finish the “safety setup.”
Crypto phishing scams contain hackers sharing fraudulent hyperlinks with victims to steal delicate info, equivalent to crypto pockets non-public keys.
Phishing scams have been a long-standing situation within the cryptocurrency area, however the lowering variety of incidents alerts that traders have gotten wiser to this risk.
Associated: Crypto hack counts fall however provide chain assaults reshape risk panorama
Phishing scams fall 83% in 2025
Losses to phishing scams decreased 83% year-over-year, falling to $83.3 million in 2025, from $494 million stolen by phishing in 2024, in response to a report from Web3 safety software Rip-off Sniffer, printed on Saturday.
The variety of phishing rip-off victims additionally decreased by 68% year-over-year, from 332,000 victims in 2024 to 106,000 in 2025.
Nevertheless, losses to phishing assaults peaked within the third quarter of the 12 months, in the course of the market’s most energetic interval, signaling that phishing losses are intently eclipsing market exercise.
“When markets are energetic, total person exercise will increase, and a proportion fall sufferer — phishing operates as a chance perform of person exercise,” wrote Rip-off Sniffer within the report.
Phishing scammers usually impersonate the most well-liked manufacturers to construct belief with their victims.
MetaMask is the world’s main self-custodial pockets with over 100 million annual customers and 244,000 related decentralized purposes, in response to its guardian firm, Consensys.
Journal: Meet the onchain crypto detectives preventing crime higher than the cops