MetaMask wallet verification scam is a type of scam in which the victim is led to believe that it has to verify the MetaMask wallet in order to use a web service (crypto exchange, protocol, etc.). If the victim falls for the scam and proceeds to verify the wallet through the attacker’s website, all of the victim’s funds will be lost.
The purpose of the MetaMask Wallet Verification scam is to obtain the secret recovery phrase and/or the private key of the victim’s wallet. Once obtained, the attacker can easily transfer all of the victim’s funds to himself.
The attacker is impersonating the MetaMask Team, claiming that all MetaMask users have to verify their wallets in order to comply with the new regulations. The attacker controls the landing page on which the fake wallet verification is taking place and can see all the information that the victim is inputting to the landing page. Once the private key and/or the secret recovery phrase are inputted to the fake wallet verification page, the attacker has full control of the victim’s wallet.
The potential victims of the MetaMask Wallet Verification Scam are users looking to connect their MetaMask wallets to web3 apps, decentralized exchanges, staking apps, etc.
How does the MetaMask Wallet Verification Scam work?
In order for the attacker to succeed, the victim has to take the following actions:
- The victim has to click the “Verify your wallet” button, or the link below the button.
- Once forwarded to the attacker’s landing page, the victim has to type in the secret recovery phrase or the private key of its MetaMask wallet.
If the above steps are not completed, the attacker cannot gain the secret recovery phrase and/or the private keys of the user’s wallet.
How to protect yourself
The first step in protecting yourself from this type of scam is to always remember the golden rule of MetaMask:
Never share your private keys or your secret recovery phrase with anyone!
MetaMask team will never ask you for your secret recovery phrase. The whole point of decentralization is that you have ownership of your assets. If anyone ever asks you for your private key or your secret recovery phrase, they are trying to scam you. Your private keys and your secret recovery phrases are yours alone and must not be shared with anyone.
For maximum protection, always remember to:
- Keep your private key and your secret recovery phrase to yourself. Do not share it with anyone.
- Make sure you are connecting your MetaMask wallet to legitimate websites. Bookmark your commonly used exchanges and web3 sites. Double-check the URLs. If something looks suspicious it is probably a scam.
- Consider using a cold wallet for storing your cypto assets.
Stay safe out there.