SlowMist Warns of Sophisticated 2FA Scam Targeting MetaMask Wallets

SlowMist Chief Security Officer “23pds” issued an pressing warning a couple of new phishing scam focusing on MetaMask customers by way of faux two-factor authentication verification pages designed to steal pockets restoration phrases.

The subtle assault mimics MetaMask’s safety interface utilizing spoofed domains that intently resemble the official platform, tricking customers into believing they’re finishing commonplace safety procedures whereas surrendering crucial pockets credentials.

The rip-off operates by way of a number of misleading levels that exploit person belief in safety protocols.

Attackers create fraudulent domains like “mertamask” as an alternative of “metamask” and redirect victims to convincing safety alert pages that seem genuine.

Users then encounter what seems to be an ordinary 2FA verification display, full with countdown timers and lifelike security reminders, which builds false confidence earlier than the ultimate step requests their seed phrase below the guise of authentication completion.

MetaMask 出现新型 ‘2FA 安全验证’ 骗局 @MetaMask @tayvano_
注意防范 pic.twitter.com/RJM78If9zb

— 23pds (山哥) (@im23pds) January 5, 2026

New Attack Vector Emerges as Phishing Tactics Evolve

While general phishing losses declined sharply in 2025, with wallet-draining assaults dropping 83% to $83.85 million from practically $494 million the earlier 12 months, attackers proceed to adapt their strategies.

According to a Cryptonews report, the quantity of affected customers fell to roughly 106,000, a 68% year-over-year lower.

Yet subtle operations just like the MetaMask 2FA rip-off present that menace actors proceed to refine social engineering ways at the same time as mixture losses decline.

Phishing exercise tracked intently with broader market cycles all through 2025, with the third quarter recording the best losses at $31 million throughout Ethereum’s strongest rally.

August and September alone accounted for practically 29% of complete annual losses, reinforcing what safety consultants see as phishing working as a “likelihood operate of person exercise,” the place increased transaction volumes enhance the potential sufferer pool.

The largest single incident of the 12 months concerned a $6.5 million theft in September tied to a malicious Permit signature.

Crypto phishing assaults linked to pockets drainers declined sharply in 2025, with complete losses dropping to $83.85 million, an 83% fall.#Wallet #Cryptohttps://t.co/2GlbAoHR78

— Cryptonews.com (@cryptonews) January 4, 2026

Permit and Permit2 approvals remained the simplest assault vectors, accounting for 38% of losses in instances exceeding $1 million, whereas new assault vectors emerged following Ethereum’s Pectra improve.

Attackers started abusing EIP-7702-based malicious signatures, which allow a number of dangerous actions to be bundled right into a single person approval, main to 2 such incidents in August that resulted in $2.54 million in losses.

Despite the general decline, attackers shifted methods from large-scale heists to mass retail campaigns, with solely 11 instances exceeding $1 million in 2025 in comparison with 30 the earlier 12 months.

The common loss per sufferer fell to $790, pointing to a broader deal with retail customers quite than remoted high-profile thefts.

Recent coordinated assaults have drained hundreds of wallets across EVM-compatible networks, with particular person losses sometimes below $2,000 per deal with.

Industry Mobilizes Defense Networks Against Persistent Threats

Major pockets suppliers, together with MetaMask, Phantom, WalletJoin, and Backpack, have launched a global phishing defense network by way of partnership with the Security Alliance (SEAL), creating what they describe as a “decentralized immune system” for real-time menace identification.

The system permits anybody worldwide to submit verifiable phishing studies, that are robotically validated and broadcast to all collaborating wallets, enabling faster response occasions and probably saving extra funds.

“Drainers are a relentless cat-and-mouse sport,” MetaMask safety researcher Ohm Shah stated. “Partnering with SEAL permits pockets builders to maneuver sooner and throw a wrench on the drainer’s infra.“

The protection effort builds on SEAL’s verifiable phishing studies instrument, which lets safety researchers show that reported web sites really host phishing content material.

@MetaMask, @Phantom, and different main wallets have partnered with SEAL to launch a world phishing protection community.#MetaMask #Cryptohttps://t.co/auvAQFmcSa

— Cryptonews.com (@cryptonews) October 22, 2025

Beyond technical exploits, deepfake expertise has emerged as one other menace vector, with Manta Network co-founder Kenny Li revealing again in April that he was targeted in a sophisticated Zoom call utilizing prerecorded movies of acquainted people.

The attackers tried to trick him into downloading malicious script information disguised as Zoom updates, with Li suspecting North Korea-linked Lazarus Group involvement.

Meanwhile, crypto-related losses from hacks and cybersecurity exploits fell 60% in December to roughly $76 million, down from November’s $194.2 million.

However, safety consultants warning that persistent threats similar to address-poisoning scams and browser pockets exploits proceed to focus on customers throughout the ecosystem.

The publish SlowMist Warns of Sophisticated 2FA Scam Targeting MetaMask Wallets appeared first on Cryptonews.