In a Thursday post written by Halborn’s technical education specialist Luis Lubeck, the active phishing campaign used emails to target MetaMask users and trick them into giving out their passphrase.
Email Phishing Scams are the Most Popular
The firm analyzed scam emails it received in late July to warn users of the new scam. Halborn noted that at an initial glance, the email looks authentic with a MetaMask header and logo and messages that tell users to comply with Know Your Customer (KYC) regulations and how to verify their wallets.
However, Halborn also noted there are several red flags within the message. Spelling errors and a fake sender’s email address were two of the most obvious. Furthermore, scammers used a phony domain called metamaks.auction to send phishing emails.
Phishing attacks are social engineering attacks using targeted emails to lure victims into revealing more personal data or clicking links to malicious websites that attempt to steal crypto.
There was also no personalization in the message, the firm noted, which is another warning sign. Hovering over the call to action button reveals the malicious link to a fake website, prompting users to enter their seed phrases before redirecting to MetaMask to empty their crypto wallets.
Cybersecurity is a Must Have Component in Cryptoverse
Halborn, which raised $90 million in a Series A round in July, was founded in 2019 by ethical hackers offering blockchain and cybersecurity services.
In June, Halborn researchers discovered a case where a user’s private keys could be found unencrypted on a disk in a compromised computer. MetaMask patched its extension versions 10.11.3 and later, following the discovery.
However, there was no mention of the new email phishing threat on MetaMask’s Twitter feed at the time of writing.
Last week, Celsius users were warned of a phishing threat following a third-party vendor employee’s leak of customer emails.
In late July, security researchers warned of a new malware strain called Luca Stealer appearing in the wild. The information stealer has been written in the Rust programming language and targets Web3 infrastructure such as crypto wallets. Similar Malware called Mars Stealer was discovered targeting MetaMask wallets in February.
How to Protect Crypto Assets and Identity Data
Hard wallets have advanced security as investments, and data are stored offline.
Bloomberg reported on Monday that hardware wallet maker Ledger is seeking an additional $100 million following its mammoth $380 million Series C round last year.
The fresh funding will give the firm a higher valuation than the $1.5 billion it commanded in June 2021, according to the report, which cited people familiar with the talks.
Ledger’s plans suggest that despite the onset of depressed conditions in the crypto market in recent months, there are areas of the industry for whom the immediate outlook looks positive, such as hardware wallets.
With crypto firms such as exchanges beset by liquidity problems causing them to take steps such as suspending customer withdrawals, more users could be looking to store their crypto themselves on a hardware wallet. “Not your keys, not your coins” is a common warning fired at those who keep their crypto on an exchange.
Ledger has 4 million customers to date, according to its website.
Get your Free “Beginners Guide to Crypto & Defi” here.