Cryptocurrency risk intelligence firm CipherTrace reported yesterday that it had seen an increase in posts alleging user funds have been stolen via a Chrome browser extension phishing attack masquerading as popular Ethereum wallet MetaMask. 

MetaMask—a browser plugin that serves as an Ethereum wallet—provides users access to a unique Ethereum address necessary to buy and sell Ethereum or Ethereum-based tokens. But MetaMask’s wallet is online, which means it can be vulnerable to phishing attacks—where scammers exploit a user’s personal information.

“Within the past 24 hours, CipherTrace has noticed an uptick of alerts and comments within the online cryptocurrency community of users’ funds being stolen via a Chrome browser extension phishing attack posing as cryptocurrency wallet and browser extension MetaMask,” CipherTrace said yesterday

How to Stop Your Ethereum 2.0 Validator From Getting Slashed

The allegedly fraudulent browser extension redirects to a URL that was first seen eight days ago on November 26, 2020, according to Whois data provided by CipherTrace

Not before long, users started informing CipherTrace that this wallet was malicious. On November 28, 2020, a Twitter user that goes by the handle “dmazorosete” contacted MetaMask suggesting the website “looks like a scam.”

To date, dmazorosete has not received a response from MetaMask about this tweet. 

MetaMask Debuts Token Swaps, Vows ‘Best Prices Across DeFi’

What’s more, based on screenshots shared by CipherTrace, the phishing site looks seemingly identical to MetaMask itself. This is designed to trick users into believing that it’s the real site. But appearances can be deceiving.