What’s Happening?

A dangerous new phishing scam is impersonating MetaMask updates to trick users into downloading malware. Victims who fall for it lose all their Ethereum and tokens within minutes.

How the Scam Works

1️⃣ Fake Emails/Ads: Scammers send emails or ads claiming “Your MetaMask requires an urgent update!” with malicious links.
2️⃣ Bogus Website: Victims land on a cloned MetaMask site (e.g., MetaMask-update[.]com).
3️⃣ Malware Download: The “update” installs malware that:

• Steals seed phrases

• Grants remote wallet access

• Drains funds silently

Pro Tip:
Enable MetaMask’s phishing detection in Settings > Security & Privacy.

(Like/Save to spread awareness! 💙)

Michelle Luggard

Top Author

Red Flags to Spot the Scam

✔ MetaMask NEVER emails you about updates (only in-app notifications).
✔ Check URLs carefully – Official domain: metamask.io (bookmark it!).
✔ No legitimate update will ask for your 12-word phrase.

How to Stay Safe

• Only update via the official Chrome/Firefox store or MetaMask mobile app.

• Never enter your seed phrase online – MetaMask will never ask for it.

• Use a hardware wallet (Ledger/Trezor) for large holdings.

If You Clicked the Link

1. Disconnect your device from the internet.

2. Transfer funds to a new wallet (with a new seed phrase).

3. Report the scam to MetaMask Support.

Why Share This?
🔸 Over $2M in ETH was stolen this month via fake wallet updates (SlowMist Report).
🔸 Scammers target both newbies and experienced traders.

🔗 Comment for more alerts – Protect yourself and others!