Cryptocurrency risk intelligence firm CipherTrace reported yesterday that it had seen an increase in posts alleging user funds have been stolen via a Chrome browser extension phishing attack masquerading as popular Ethereum wallet MetaMask.
MetaMask—a browser plugin that serves as an Ethereum wallet—provides users access to a unique Ethereum address necessary to buy and sell Ethereum or Ethereum-based tokens. But MetaMask’s wallet is online, which means it can be vulnerable to phishing attacks—where scammers exploit a user’s personal information.
“Within the past 24 hours, CipherTrace has noticed an uptick of alerts and comments within the online cryptocurrency community of users’ funds being stolen via a Chrome browser extension phishing attack posing as cryptocurrency wallet and browser extension MetaMask,” CipherTrace said yesterday.
The allegedly fraudulent browser extension redirects to a URL that was first seen eight days ago on November 26, 2020, according to Whois data provided by CipherTrace.
Not before long, users started informing CipherTrace that this wallet was malicious. On November 28, 2020, a Twitter user that goes by the handle “dmazorosete” contacted MetaMask suggesting the website “looks like a scam.”
I clicked in the add. Same content as in metamask. The url is https://t.co/cyg1LYw4Vy It looks like a scam. Please @metamask team check it out. I might be wrong. “fake” web here pic.twitter.com/S9NYlDtf0R
— Diego Mazo diegomazo.eth (@dmazorosete) November 28, 2020
To date, dmazorosete has not received a response from MetaMask about this tweet.
What’s more, based on screenshots shared by CipherTrace, the phishing site looks seemingly identical to MetaMask itself. This is designed to trick users into believing that it’s the real site. But appearances can be deceiving.