Key Points:
- SlowMist warns of spoofed MetaMask alerts pushing fake 2FA.
- Countdown timers pressure users into revealing sensitive recovery seed phrases.
- Entering the seed phrase gives attackers full wallet control instantly.
A fresh phishing attack has emerged aimed at stealing wallet seed phrases by masquerading itself as a two-factor authentication (2FA) check process to steal wallet seed phrases among MetaMask users. The fraud, high-profiled by SlowMist Chief Security Officer called 23pds on X, involves falsely displaying safety warnings and countdown timers to find a sense of urgency and fool its victims into disclosing their personal recovery data.
As the research findings of SlowMist show, attackers are distributing spoofed emails and web pages with MetaMask that seem to be official security-related messages. The fake emails purport that the users are supposed to activate 2FA to secure their account, which is not a requirement of MetaMask.
After clicking the “Enable 2FA Now” button, the users are redirected to a fake MetaMask interface that should resemble the original one. The counterfeit site has a countdown of verification which gives a misleading urgency. Users are then requested to enter their seed or recovery phrase at the end of the flow and this is supposed to be the end of the 2FA setup. The statement places scammers at the mercy of the wallet and makes them able to transfer all the assets immediately.
According to security researchers, MetaMask will never send you unsolicited email or request that you verify your wallets or enter your seed phrases on the Internet.
The social engineering tactics, urgency, fear, and authority the scammers seem to be exploiting to manipulate its victims are classic. The fake pages mainly have MetaMasks branding, official-like logos, and professional layout to look valid. Even specific variants of the scam include slight typographical mistakes or minor misspelling of the URLs like mertamask.io, it is quite easy to overlook and pass by the user when skimming rapidly.
Crypto Phishing Losses Drop Despite the MetaMask Case
The phishing attack that targets the MetaMask occurs shortly following a string of high-profile wallet security attacks. As earlier reported, Trust Wallet experienced a browser extension attack in the Chrome Web Store at the end of December, costing the company approximately $6 million.
On-chain investigators such as blockchain analysts ZachXBT have noted a surge of attacks in Ethereum Virtual Machines (EVM) networks in a series of attack-related interconnections. Although a significant portion of the cases had comparatively minor per-wallet damages with some being less than $2,000, the count of victims has been extensive.
Despite this, the overall crypto phishing environment has changed radically in the last year. According to a recent report by Web3 security company Scam Sniffer, the reported losses attributed to phishing decreased by almost 83% in 2025 to an approximate of about $84 million, compared to 2024 (almost $494 million).
Scammers Chasing After Whales
But this turnover conceals a more disturbing trend. Organized crime is transitioning out of mass assault and towards whale hunting, or a focus on people of high net worth. Although the overall cases have been declining, the amount of loss per victim has increased drastically.
The analysis conducted by Scam Sniffer attributed spikes of phishing activity to periods of sudden rise in the crypto market, particularly when Ethereum is on a roll, and the number of investors and transactions reach the highest possible. In the third quarter of 2025, say, phishing losses reached out at 31 million dollars as the ETH reached out to 5,000.
The company also observed that recent upgrades of the Ethereum network including Pectra update and EIP-7702 were actually used by malicious actors to package fraudulent activity into a single signature. This adaptation, as also seen in Kraken’s case last year, highlights the speed at which malicious individuals exploit decent technological advancement to benefit their ill purposes.
Source: https://www.cryptonewsz.com/metamask-users-face-2fa-verification-scam-risk/
