
Hackers Targeting MetaMask Users with Novel Phishing Scam

Guardio, a young cyber security company, has detected a sophisticated chain of attacks on non-custodial wallets. The main attack methods employ social engineering techniques and renewed phishing methods to trick wallet owners.

The security company’s research team explained an ongoing attack on the popular crypto wallet, MetaMask. In effect, Guardio suggests several wallets have been compromised, in what is a grand-scale operation. In the cybersecurity team’s opinion, the recent wave of attacks could set the tone for more vicious ones.

While early blockchain developments were not user-friendly, the evolution of the industry has broken down many of these complexities. This means blockchain products are more open to anyone than ever before. Crypto is now readily available to all kinds of users, both the tech-savvy and the novice.

MetaMask is the quintessential example of an access-friendly platform. The digital wallet is even available as a browser extension. MetaMask is designed for easy integration by blockchain developers, which means third-party applications can use its crypto services with little effort.

Unfortunately, its security and ease of integration seem to have an undesired trade-off, according to the recent discoveries by Guardio. In its blog post, Guardio described several suspicious activities on Web 3.0 and metaverse platforms, with attacks concentrated on MetaMask accounts.

Hackers Cloning UI to Trick Wallet Owners

When creating a new MetaMask account, a user is given a set of secret words in a deliberate order. This phrase is encrypted to generate the private key associated with each wallet’s ID.

While this makes anonymity easily possible, it also means a fraudster only needs a user’s set of keywords to gain control of their wallets.

If the keywords end up in the hands of an ill-meaning entity, the dedicated wallet can be cloned, which would allow scammers to carry out unauthorized transactions.

Considering how technical metaverse users are, attackers make extra efforts to pull off their trick. This includes duplicating the website’s UI to the last detail, resulting in a total clone.

Phishing page vs Original website. Source: Guardio

Phishing activity of this nature has been spotted by the security researchers at Guardio. The simplicity of MetaMask’s interface makes it easy to replicate. As a result, attackers can design counterfeit web pages and pop-up windows that match the original website in appearance.

Counterfeit web domains by the dozens snake their way to the top of Google search results by adopting malvertising tricks. Typically, these websites exist solely to scam unsuspecting users and vanish in a short time. According to Guardio’s report, this age-old technique of assuming a disguise to defraud people of their money has been used against several metaverse users.

Phishing Campaigns on Metaverses

Guardio’s discovery began when it organized its security team to explore malicious activity on the crypto platform. In the process, the phishing raids were discovered, along with connections to Metaverses. 

The hackers’ focus on metaverses is not exactly surprising. Metaverses’ intricate functionality, which involves both native tokens and NFTs, means most metaverse users are best served by non-custodial wallets.

After uncovering the same approach of attack across several Metaverse wallets, Guardio quickly sought to determine the full nature of the operation. According to Guardio, metaverses like Sandbox and Decentraland have been victims of these methods.

Results from the security team’s research reveal that malevolent actors exploit Google’s SEO ranking algorithm to put their counterfeit websites on top of users’ search results. 

In addition, the actors use “domain typo-squatting” techniques to generate fake domain names that resemble the original websites. Recently, OpenSea users were victims of a similar, elaborate phishing attack. As a rule of thumb, Guardio advised users to always double-check the domain address and the appearance of the website before entering any private information. This is in addition to never sharing any private information with anyone else, of course.
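The “double-check the domain address” advice above can be partly automated on the defender’s side. The following is an added example, not code from the article or from Guardio: a small triage checker that normalizes a hostname (punycode, Unicode look-alikes, common ASCII confusables) and compares its registrable part against an allowlist of legitimate domains using exact match, subdomain abuse, substring containment and edit distance. The allowlist, the confusable table, the two-label notion of “registrable domain” and the sample hostnames are assumptions constructed for this illustration; a production version would use a public suffix list and a fuller confusables table.

```python
"""Flag look-alike hostnames against an allowlist of legitimate domains.

Added example, not the article's or Guardio's code. The allowlist, the
confusable map and the sample inputs are constructed assumptions.
"""
import unicodedata
from typing import Iterable, Optional, Tuple

# Assumed allowlist of legitimate registrable domains (example data).
LEGIT_DOMAINS = ["metamask.io", "opensea.io", "decentraland.org", "sandbox.game"]

# Minimal confusable map: glyphs commonly swapped for look-alikes.
# Note the digit mappings are deliberately aggressive; this is a triage
# heuristic, so a normalized match is a *signal*, not a verdict.
CONFUSABLES = {
    "rn": "m", "vv": "w", "0": "o", "1": "l",
    "\u0131": "i",  # dotless i
    "\u0430": "a", "\u0435": "e", "\u043e": "o",  # Cyrillic a, e, o
    "\u0440": "p", "\u0441": "c",                  # Cyrillic p, c
}


def normalize_host(host: str) -> str:
    """Lowercase, decode punycode, strip diacritics, fold confusables."""
    host = host.strip().lower().rstrip(".")
    try:
        # Pure-ASCII hosts may carry xn-- labels; expand them to Unicode.
        host = host.encode("ascii").decode("idna")
    except UnicodeError:
        pass  # already Unicode, or invalid punycode: keep as-is
    decomposed = unicodedata.normalize("NFKD", host)
    host = "".join(c for c in decomposed if not unicodedata.combining(c))
    host = unicodedata.normalize("NFKC", host)
    for src, dst in CONFUSABLES.items():
        host = host.replace(src, dst)
    return host


def registrable(host: str) -> str:
    """Naive registrable domain: last two labels (no public suffix list)."""
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance, O(len(a) * len(b))."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(host: str, allowlist: Iterable[str] = LEGIT_DOMAINS,
             max_dist: int = 2) -> Tuple[str, Optional[str]]:
    """Return (verdict, matched_legit_domain).

    verdict is 'legit' (exact allowlist match before normalization),
    'lookalike' (resembles an allowlisted name) or 'unknown'.
    """
    allow = list(allowlist)
    raw = host.strip().lower().rstrip(".")
    norm = normalize_host(raw)
    reg_raw, reg_norm = registrable(raw), registrable(norm)

    if reg_raw in allow:
        return "legit", reg_raw
    if reg_norm in allow:
        # Only matches after confusable folding: homoglyph or punycode trick.
        return "lookalike", reg_norm
    for legit in allow:
        # Legitimate name smuggled in as a subdomain of an unrelated domain.
        if "." + legit + "." in "." + norm:
            return "lookalike", legit
    reg_label = reg_norm.split(".")[0]
    for legit in allow:
        legit_label = legit.split(".")[0]
        # Brand name embedded in a longer label, e.g. "<brand>-wallet".
        if len(legit_label) >= 5 and legit_label in reg_label:
            return "lookalike", legit
    best: Optional[Tuple[int, str]] = None
    for legit in allow:
        d = min(levenshtein(reg_norm, legit),
                levenshtein(reg_label, legit.split(".")[0]))
        if d <= max_dist and (best is None or d < best[0]):
            best = (d, legit)
    if best is not None:
        return "lookalike", best[1]
    return "unknown", None


if __name__ == "__main__":
    # Constructed sample hostnames for demonstration only.
    for h in ["app.metamask.io", "metamsk.io", "rnetamask.io",
              "metamask.io.wallet-verify.example", "thesandboxgame.com",
              "example.com"]:
        print(f"{h:40s} -> {classify(h)}")
```

The checker is meant for triage of proxy or DNS logs and for a browser-side warning, not as a sole gate: the confusable folding and substring rules will produce false positives on legitimate names that merely contain a brand string, so pair it with the user’s own bookmarks or an enterprise allowlist for the final decision.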


Guardio is confident there is a large-scale operation at play and is committed to understanding and exposing it.
