Indian crypto users targeted by MetaMask scammers via hacked govt websites: Report
MetaMask crypto scammers are using government-issued website URLs to deceive users and gain access to their crypto wallet assets
Metamask Scam flagged online
Highlights
- MetaMask alerted about ongoing crypto scams
- Another dent to the faith people had in crypto investments
- Microsoft Defender has flagged various URLs as phishing scams
MetaMask, the Ethereum-based crypto wallet has been a target for scammers for a long time and recently it landed itself amid another controversy.
As per a Cointelegraph report, it has been found that scammers are redirecting unsuspecting users to fake websites that ask for access to MetaMask wallets. The investigation revealed that many government-owned websites are being used to carry out this scam.
The report also found that official government websites from India, Nigeria, Egypt, and Colombia, as well as official government websites from Brazil and Vietnam, were redirecting users to fake MetaMask sites, as shown below.
MetaMask alerted
The Cointelegraph security team has taken action by notifying MetaMask of the ongoing scams, and MetaMask has responded promptly to the issue, demonstrating their dedication to user security. The security team at MetaMask emphasises the increasing attractiveness of the Web3 ecosystem to fraudsters and thieves, as it has the potential to grow significantly.
Government website URLs were manipulated by malicious links that lead users to false websites, creating a false sense of security. Microsoft Defender, a popular security tool, is essential for alerting users of phishing attempts and providing an additional layer of protection.
Users redirected to fake sites
Once a user has clicked on any of the malicious links embedded within the URLs of the government websites, they will be directed to a malicious URL instead of the authentic MetaMask.io URL. Upon accessing the malicious URLs, Microsoft's built-in security, Microsoft Defender, will alert the user to a potential phishing attempt. If the user disregards the warning, they will be presented with a website that appears to be the official website of MetaMask.
The malicious websites will then request users to connect their MetaMask wallets in order to access various services available on the platform.
Protecting users from scams
MetaMask has warned its users to report potential scams in light of the increasing number of attacks on cryptocurrency investors. The wallet provider has advised its users to cease using the seed phrase compromise and to create a new seed recovery phrase from a device that is not compromised. Additionally, it has stated that it does not collect customer information.
According to the wallet provider, 5K ETH was stolen from a variety of addresses across eleven blockchains, confirming that the claim that the funds were stolen from MetaMask was incorrect. In response to the allegations, Ohm Shah, co-founder of Wallet Guard, has stated that the team has conducted extensive research and that there is no definitive answer as to how the incident occurred.
Scammers from all over the world have been using fake websites to pull off crypto scams, and this is just another reminder of how serious the situation is for MetaMask users. This report shows just how widespread this scam can be, with official sites from different countries leading people right into the wrong MetaMask site. So, it's important to stay safe and vigilant in this ever-changing world of cryptographic security.
