In brief

  • CipherTrace has identified a malicious website posing as MetaMask.
  • The URL of the apparent phishing attack redirects users to a website that looks almost identical to MetaMask.
  • One Twitter user raised his concerns about this website with MetaMask in a tweet.

Cryptocurrency risk intelligence firm CipherTrace reported yesterday that it had seen an increase in posts alleging user funds have been stolen via a Chrome browser extension phishing attack masquerading as popular Ethereum wallet MetaMask

MetaMask—a browser plugin that serves as an Ethereum wallet—provides users access to a unique Ethereum address necessary to buy and sell Ethereum or Ethereum-based tokens. But MetaMask’s wallet is online, which means it can be vulnerable to phishing attacks—where scammers exploit a user’s personal information.

“Within the past 24 hours, CipherTrace has noticed an uptick of alerts and comments within the online cryptocurrency community of users’ funds being stolen via a Chrome browser extension phishing attack posing as cryptocurrency wallet and browser extension MetaMask,” CipherTrace said yesterday


The allegedly fraudulent browser extension redirects to a URL that was first seen eight days ago on November 26, 2020, according to Whois data provided by CipherTrace

Not before long, users started informing CipherTrace that this wallet was malicious. On November 28, 2020, a Twitter user that goes by the handle “dmazorosete” contacted MetaMask suggesting the website “looks like a scam.”

To date, dmazorosete has not received a response from MetaMask about this tweet. 

What’s more, based on screenshots shared by CipherTrace, the phishing site looks seemingly identical to MetaMask itself. This is designed to trick users into believing that it’s the real site. But appearances can be deceiving.


Stay on top of crypto news, get daily updates in your inbox.