BTC $95,194.00 +0.02%
ETH $3,319.81 +0.72%
SOL $142.48 -1.29%
AVAX $13.64 -0.22%
UNI $5.32 -1.02%
AAVE $173.44 -1.21%
MATIC $0.000000 +0.00%
ATOM $2.51 -1.75%
LINK $13.80 +0.49%
ADA $0.3940 -0.48%
DOT $2.15 -1.43%
DOGE $0.1374 -0.07%
SHIB $0.000008 -1.83%
LTC $75.49 +0.76%
TRX $0.3163 +2.02%
XLM $0.2276 +0.37%
XMR $600.06 -3.59%
ALGO $0.1285 -3.32%
VET $0.0116 -3.25%
BTC $95,194.00 +0.02%
ETH $3,319.81 +0.72%
SOL $142.48 -1.29%
AVAX $13.64 -0.22%
UNI $5.32 -1.02%
AAVE $173.44 -1.21%
MATIC $0.000000 +0.00%
ATOM $2.51 -1.75%
LINK $13.80 +0.49%
ADA $0.3940 -0.48%
DOT $2.15 -1.43%
DOGE $0.1374 -0.07%
SHIB $0.000008 -1.83%
LTC $75.49 +0.76%
TRX $0.3163 +2.02%
XLM $0.2276 +0.37%
XMR $600.06 -3.59%
ALGO $0.1285 -3.32%
VET $0.0116 -3.25%
HASH Banner
Home › HASH Desk › Fake MetaMask 2FA...
HASH DESK

Fake MetaMask 2FA scam targets Crypto wallet recovery phrases

AI-Powered • Editor Verified
•
January 5, 2026
Fake MetaMask 2FA scam targets Crypto wallet recovery phrases

Crypto users are facing a renewed wave of phishing attacks, with scammers now imitating MetaMask security alerts to steal wallet recovery phrases and drain funds within minutes. Blockchain security firm SlowMist has flagged the campaign as one of the most deceptive MetaMask-themed scams seen in recent months.

According to SlowMist’s Chief Security Officer, known online as im23pds, attackers are cloning MetaMask’s security interface and presenting victims with what appears to be an urgent “two-factor authentication (2FA) verification” process. 

The scam begins when users are redirected, often via malicious ads, compromised links, or spoofed emails, to look-alike domains designed to closely resemble MetaMask’s official website.

Once on the fake site, victims are shown a forged security warning claiming suspicious activity has been detected on their wallet. To increase pressure, the page includes countdown timers, animated “authenticity checks,” and language urging immediate action to prevent asset loss. These tactics are intended to override users’ caution and create a sense of panic.

The final step of the scam is also the most dangerous. Users are prompted to enter their wallet recovery phrase under the guise of completing a security verification. In reality, this phrase grants full control over the wallet. Once submitted, attackers can instantly transfer all assets out of the account, leaving victims with no technical means of recovery.

Security experts emphasize that legitimate wallet providers, including MetaMask, will never ask users for their recovery or seed phrases under any circumstances. Any website or message requesting this information should be treated as malicious.

SlowMist warns that the campaign highlights a broader trend in crypto crime: phishing attacks are becoming increasingly polished, mimicking official workflows rather than relying on obvious errors or poor design. 

As self-custody adoption grows, experts stress that user education remains the strongest line of defense against irreversible wallet theft.