
Mohammedia – MetaMask users are being warned about a new phishing campaign that impersonates a security upgrade and tricks victims into handing over their wallet seed phrases, putting funds at immediate risk.
The attack centers on a spoofed email designed to look like an official message from MetaMask, alerting users that they must enable two-factor authentication to protect their accounts.
According to blockchain security firm SlowMist, the email is carefully branded and uses urgent language to push recipients into acting quickly.
In several cases, the message includes a countdown timer, a psychological tactic meant to create pressure and reduce the likelihood that users will pause to verify the request.
When users click the call to action, they are redirected to a fake website controlled by the attackers. The page imitates MetaMask’s interface and walks victims through a supposed verification process.
In reality, the only objective is to collect the mnemonic seed phrase, which grants full control over a wallet. Once entered, attackers can drain funds almost instantly, leaving victims with little recourse.
Security researchers note that the scam contains telltale signs common to phishing attempts. The fake websites often use misspelled domains that closely resemble legitimate ones, while the emails may originate from unrelated addresses or public email services.
SlowMist stressed that MetaMask does not send unsolicited emails asking users to verify accounts or activate security features, and any such request should be treated as suspicious.
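For mail filtering or triage, the two signs described above (a sender on a public or unrelated mail domain, and links to a domain that closely resembles the real one) can be checked automatically. The following is an added example, not code from SlowMist or MetaMask; the official domain `metamask.io`, the public-mail list, the distance threshold, and both sample messages are assumptions constructed for illustration.

```python
import re
from email.utils import parseaddr
from urllib.parse import urlsplit

OFFICIAL_DOMAINS = {"metamask.io"}  # assumption: the brand's official domain
PUBLIC_MAIL = {"gmail.com", "outlook.com", "yahoo.com", "proton.me"}  # sample list

def edit_distance(a, b):
    """Levenshtein distance, computed with a rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def registrable(host):
    """Naive last-two-labels reduction; production code should use the Public Suffix List."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def is_lookalike(domain):
    """True if the domain is not official but its name is within two edits of the brand."""
    if domain in OFFICIAL_DOMAINS:
        return False
    name = domain.split(".")[0]
    brands = [d.split(".")[0] for d in OFFICIAL_DOMAINS]
    return any(b in name or edit_distance(name, b) <= 2 for b in brands)

def triage(from_header, body):
    """Return a list of findings for one message claiming to come from the brand."""
    findings = []
    sender = registrable(parseaddr(from_header)[1].rpartition("@")[2])
    if sender in PUBLIC_MAIL:
        findings.append("sender-public-mail:" + sender)
    elif is_lookalike(sender):
        findings.append("sender-lookalike:" + sender)
    elif sender not in OFFICIAL_DOMAINS:
        findings.append("sender-unrelated:" + sender)
    for url in re.findall(r"https?://[^\s\"'<>]+", body):
        host = registrable(urlsplit(url).hostname or "")
        if is_lookalike(host):
            findings.append("link-lookalike:" + host)
    return findings

# Constructed sample messages (reserved .example TLD for the fake site).
PHISH = ("MetaMask Support <security.alerts@gmail.com>",
         "Enable 2FA within 24 hours: https://2fa.metarnask.example/verify now")
CLEAN = ("MetaMask <noreply@metamask.io>", "Release notes: https://metamask.io/news")

if __name__ == "__main__":
    print(triage(*PHISH))
    print(triage(*CLEAN))
```

A clean result only means these two heuristics did not fire; it does not authenticate the sender, which is the job of SPF, DKIM and DMARC evaluation at the mail gateway.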
Crypto phishing campaigns intensify amid recent wallet incidents
The emergence of this campaign follows a series of recent security incidents targeting crypto wallet users.
Late last week, cybersecurity researcher Vladimir S. flagged another phishing operation that pushed a fake MetaMask application update, which was linked to an active wallet-draining exploit.
Blockchain investigator ZachXBT said the operation resulted in losses of under $2,000 per wallet, but affected users across multiple EVM-compatible networks.
The wider context includes a major incident involving Trust Wallet over the Christmas period. Attackers gained access to the browser extension’s source code and managed to upload a malicious version to the Chrome Web Store.
Losses from that breach reached approximately $7 million, according to on-chain estimates. Trust Wallet later announced that it would reimburse affected users.
Warnings have also been issued to users of Cardano, after emails circulated promoting a fake Eternl desktop application designed to steal credentials.
While these incidents occurred within a short timeframe, not all have been formally linked, and investigations remain ongoing.
Despite the recent spike in high-profile cases, overall losses from crypto phishing campaigns appear to have declined. A report from Scam Sniffer showed that total losses in 2025 fell by nearly 88% compared to the previous year.
Security experts say this may reflect growing user awareness, but caution that increasingly polished scams continue to pose a serious threat.
Authorities and security firms continue to urge users to avoid clicking links in unsolicited emails, verify official communications through trusted channels, and never share seed phrases under any circumstances.

