MetaMask Users Warned of New Phishing Campaign Targeting Users

Crypto security firm Halborn has warned of a new email phishing campaign targeting MetaMask users. 

In a blog post published July 28, Halborn’s technical education specialist Luis Lubeck analysed the phishing email and highlighted red flags users should look out for to keep their digital assets safe from these types of scams.

How the Scam Works

This latest scam involves an email, ostensibly from MetaMask, asking the recipient to verify their MetaMask wallet’s seed phrase. The recipient is told the seed phrase is needed by MetaMask in order to comply with regulations and that failure to comply will result in their wallet being “restricted”:

Screenshot of the phishing scam email received by MetaMask users.

Clicking on the button to verify the seed phrase takes recipients to a fraudulent imitation of the MetaMask website where they are prompted to input their seed phrase. If the user complies, the scammers gain full access to the wallet, allowing them to steal the user’s assets.

Red Flags and Warning Signs

Lubeck cautioned that to an inexperienced, casual crypto user not paying close attention, the email could appear legitimate. However, he highlighted some important red flags, including:

  • the sending address not being from a legitimate MetaMask domain, but rather from ‘metamaks.auction’;
  • the lack of personalisation, such as the recipient’s real name or other identifying information; and
  • the call to action button linking not to MetaMask’s website, but to a fraudulent URL.
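The three red flags above, together with the seed-phrase request itself, can be expressed as a mail-triage check. This is an added example, not code from Halborn or MetaMask; the trusted-domain list (`metamask.io`), the function names and the sample message (sender local part, link URL, recipient) are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

BRAND = "metamask"
TRUSTED = {"metamask.io"}  # assumption: the domains you accept as genuine

# Constructed sample; only the sending domain is taken from the article.
SAMPLE = """\
From: MetaMask <support@metamaks.auction>
To: alice@example.com
Subject: Verify your wallet
Content-Type: text/html

<p>Dear user, regulations require you to verify your seed phrase or your
wallet will be restricted.</p>
<a href="https://wallet-check.example.invalid/verify">Verify now</a>
"""

def edit_distance(a, b):
    """Plain Levenshtein distance (a swapped letter pair costs 2)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def is_trusted(host):
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED)

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def red_flags(raw_email, recipient_name):
    """Return the list of red flags found in a single-part HTML message."""
    msg = message_from_string(raw_email)
    body, flags = msg.get_payload(), []
    host = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if not is_trusted(host):
        near = any(edit_distance(lbl, BRAND) <= 2 for lbl in host.split("."))
        flags.append(f"sender:{'lookalike' if near else 'untrusted'}:{host}")
    if recipient_name.lower() not in body.lower():
        flags.append("no-personalisation")
    if re.search(r"(seed|recovery)\s+phrase", body, re.I):
        flags.append("asks-for-seed-phrase")
    links = LinkCollector()
    links.feed(body)
    flags += [f"link:{urlparse(h).hostname}" for h in links.hrefs
              if not is_trusted(urlparse(h).hostname)]
    return flags
```

The link check looks at the `href` target, not the button text, because the visible label of a call-to-action button says nothing about where it leads.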

Lubeck stressed that the best defence against phishing attacks is to be extra careful when receiving email requests related to crypto accounts or wallets:

The best defence against phishing attacks like these is to stay vigilant when receiving emails and think twice before doing anything that seems a bit unusual or potentially suspicious. 

Luis Lubeck, technical education specialist, Halborn

MetaMask Frequent Target of Scammers

Due to its status as the most popular wallet for Ethereum, MetaMask is often targeted by scammers. 

In April, MetaMask warned Apple users to disable iCloud backups after it was revealed their MetaMask seed phrases were being automatically backed up to the cloud storage service and then targeted in phishing attacks. In one case, a user lost over US$600,000 worth of assets to this scam.

In November 2021, a Reddit user reported his friend had lost 38 ETH to another MetaMask scam in which a paid Google ad directed users to a fake MetaMask website to install a fraudulent version of the browser extension, allowing scammers to steal users’ assets.

Security Flaw Dubbed ‘Demonic’ Discovered in MetaMask and Phantom Wallets

In a classic case of “the devil is in the detail”, security researchers from Halborn have discovered a security flaw dubbed ‘Demonic’ in MetaMask and Phantom wallets.

Do Not Import Wallets Using Unencrypted Computers

According to researchers, when users imported a web extension wallet using their seed phrases via an unencrypted computer, their assets could be at risk if a hacker manages to get access to their hard drives:

These attacks are known as ‘key-finding’ or ‘key-search’, and consist of attackers using cryptography to decrypt messages on computer systems and gain access to them, leaving users’ systems exposed to the hands of the attackers:

Vulnerability Patched Up

The Demonic vulnerability only affects users with web extension wallets including MetaMask, Phantom, Brave, and XDefi wallets, while mobile users and anyone with fully-encrypted hard drives remain unaffected.

According to researchers, all wallets have now patched the security flaw. MetaMask updated its wallet with version 10.11.3, while Phantom is rolling out a new update for its wallet next week.

After the security flaw was discovered, MetaMask awarded Halborn US$50,000, while Phantom hired Oussami Amri, the employee who found the vulnerability.

MetaMask Can’t Catch a Break

MetaMask seems to be constantly in the headlines when it comes to security protocols and users’ safety. A month ago, Crypto News Australia reported that the Ethereum-based wallet had issued a phishing attack security alert for iPhone users, warning that their assets could be at risk from an iCloud-related phishing scam.

After all, the number one rule in crypto is to never give your private key or seed phrase to anyone, and never connect it to a website or app you don’t recognise, or you could end up like Dallas2626, a MetaMask user who lost US$10,000 to a scammer in Discord using a fake WalletConnect app.

Robinhood Announces Web3 Wallet to Rival MetaMask

Robinhood is diving into the world of Web3 with the announcement of a non-custodial wallet, allowing customers to access NFTs, decentralised exchanges and swap tokens through a new interface.

Digging Deeper into Crypto

According to the announcement made at the Permissionless Web3 conference, the newly launched non-custodial wallet will operate much like rival MetaMask, which remains the wallet of choice in the world of Web3 despite recent issues concerning phishing attacks and user downtime:

The wallet will operate separately from Robinhood’s existing stock platform, and has been specifically optimised for user experience. This was apparently done in order to provide beginners with a simple and intuitive design to easily navigate a space that can be complex.

Co-founder and chief executive Vlad Tenev confirmed as much, saying:

With our Web3 wallet, we’re building a product that will satisfy the most advanced DeFi believers while creating a secure on-ramp for those who are just starting out in crypto to go deeper into the ecosystem.

Vlad Tenev, co-founder and CEO, Robinhood

Robinhood’s crypto CTO Johann Kerbrat reiterated the importance of being user-friendly to beginners, adding: “We’re [Robinhood] making it [the wallet] not scary, [but] easy to use.”

Aside from providing a newbie-friendly interface, users may also be pleased to hear that the company intends on subsidising gas fees, elevated levels of which have plagued the sector of late.

Shift in Public Perception

Robinhood has been making news since inception, more often for the wrong reasons – from revelations that “free trades” came at the expense of selling users’ order flow, to its role in the infamous GameStop short squeeze.

With its stock down 80 percent from its all-time high, Robinhood is clearly looking to turn the tide with its new product. Last month, it revealed plans to integrate with Bitcoin layer 2, the Lightning Network; however, the company was later mocked after the CEO claimed that DOGE could “become the currency of the internet”.

Judging by reactions to the news, Robinhood has a public relations problem that even a best-in-class wallet may not solve:

CoinGecko Warn Users of ‘Suspicious Pop-Ups’ Phishing Attacks

Several popular crypto websites, including those of data aggregator CoinGecko and Ethereum block explorer Etherscan, were targeted by a large-scale phishing scam last weekend that displayed malicious pop-ups prompting users to connect their MetaMask wallets.

The scam was linked to the now deactivated domain nftapes.win, which displayed the Bored Apes Yacht Club logo in an attempt to appear legitimate. At the time of writing, it was unclear how many users were affected and how much they lost.

How the Scam Worked

According to CoinGecko, the scammers hijacked the advertising platform Coinzilla, which displays ads across a wide network of crypto-related sites, injecting malicious code that triggered the fraudulent pop-ups.

From there, it was a relatively straightforward phishing scam leveraging the trust of the websites they exploited. The pop-ups would prompt users to connect their MetaMask wallets and, of course, once they did, their digital assets were immediately transferred to the scammers.

When the advertising code was identified as the root cause of the fraudulent pop-ups, it was deactivated on the CoinGecko website.

Advertising Code a Serious Vulnerability

Twitter user and blockchain researcher @CryptoShrine explained that this type of attack is quite common and suggests that Web3 site owners should look to move away from advertising as a primary source of revenue:

Scams of this nature can cause significant losses because, by piggybacking on the advertising code, they can affect many websites at the same time. And because the malicious pop-ups appear on trustworthy websites, users are more likely to fall victim.

Similar Recent Phishing Scams

As crypto has gone more mainstream in the past 18 months, the number of phishing scams has dramatically increased. Last month alone saw MetaMask issue a security alert about a phishing scam affecting iCloud users and hardware wallet provider Trezor suffer a phishing scam that exploited its MailChimp newsletter.

MetaMask Users Frustrated as Infura Suffers Another Service Outage

Users of the popular Ethereum wallet MetaMask are infuriated after the wallet’s default endpoint, Infura, again suffered a major outage.

Infura is MetaMask’s main RPC (Remote Procedure Call) provider that allows the wallet to communicate with the Ethereum network. Last week, at least 15 components of the Infura system suffered complete or partial outages, bringing down MetaMask access in the process.

MetaMask addressed the issue on Twitter, explaining that: “If you’re currently experiencing issues with MetaMask, it may be because of the outage that Infura is actively combating.”

Not the First Outage in the Infura Protocol

All Infura systems appear to be up and running again, as per the protocol’s status page. But this is yet another outage to have occurred in the Infura protocol, and users didn’t hesitate to call out for a more decentralised ecosystem where everyone can run their own nodes. As it was, users had to deploy different RPC endpoint solutions, such as Alchemy or QuickNode, to access their Web3 accounts:

On the subject of a lack of decentralisation, last month both MetaMask and OpenSea banned wallets associated with Venezuelan and Iranian IP addresses, citing compliance issues, only later to discover that Infura had cut off users to separatist areas in Ukraine, accidentally blocking Venezuelan users as well.

MetaMask has been having a rough time of it this month. On April 20, Crypto News Australia reported how MetaMask iPhone users were endangered by an iCloud-related phishing scam.

MetaMask Issues Phishing Attack Security Alert for iPhone Users

Software-based crypto wallet MetaMask has warned its users on Apple devices that their assets may be at risk from an iCloud-related phishing scam. 

MetaMask tweeted out the alert on April 18, stating that users of Apple devices should ensure their Apple ID password is “strong enough” and providing instructions for disabling iCloud backups:

The alert comes after a Twitter user known as revive_dom reported losing US$650,000 of digital assets to the scam.

iCloud Stores MetaMask Seed Phrase 

The crucial vulnerability the scammers exploited is that, by default, iCloud backs up the MetaMask seed phrase and stores it digitally online. 

This means that if a MetaMask user on an Apple device hasn’t specifically turned off iCloud backups and a scammer can gain access to the user’s iCloud account, the scammer has full access to the digital assets stored in that user’s MetaMask wallet.

Classic Phishing Scam with a Twist

The details of how the scam was carried out against revive_dom were tweeted by Twitter user Serpent, who is also the founder of the NFT project DAPE: 

Essentially, the scammers raised the user’s suspicions by triggering numerous iCloud password reset attempts, which made it appear as though someone was trying to maliciously access the user’s iCloud account. 

The scammers then called the user from a spoofed number, which made them appear to be from Apple support. After the scammers established trust, the user mistakenly told them the two-factor authentication code to reset their iCloud password. The scammers then had full control of the user’s iCloud account and MetaMask wallet and stole all the user’s assets.

Scam Highlights Hot Wallet Security Risks

Most Twitter users have been supportive of revive_dom and other victims of this scam, but many have also emphasised the inherent risks of storing your assets on a hot wallet such as MetaMask and have suggested victims should have been using cold wallets such as Ledger and Trezor:

MetaMask is a popular software wallet in the Ethereum ecosystem. It has made news recently for adding a feature that allows iOS users to purchase crypto directly through the MetaMask mobile app using a debit or credit card, and for blocking users from some countries, such as Iran and Venezuela, from accessing their wallets.

MetaMask iOS Update Allows Users to Buy Crypto Using a Credit Card

MetaMask now allows iPhone and Apple Pay users to buy crypto using a debit or credit card through its mobile application, eliminating the need to transfer Ethereum from a centralised exchange such as Coinbase into the app.

And in response to popular demand, MetaMask has also introduced the Apple Dark Mode feature, which will automatically open in the app as long as a user’s iPhone operating system has dark mode enabled.

Daily Deposit Limit of 400 USD

Users can now deploy their Visas and Mastercards stored in Apple Pay to buy ETH and deposit a daily maximum of US$400 into their wallets, thanks to the Wyre API (MetaMask uses two payment gateways, Wyre and Transak, to support debit card and credit card transactions).

Gas fees are also said to be lower, and some transactions may even be gasless if done on a private blockchain or if a project pays for the gas on the user’s behalf. (When completing an ETH purchase, MetaMask discloses that it does not profit from gas fees.)

Buy Stablecoins and Make Bank Transfers in 60+ Currencies

Via Transak, users have been able to buy stablecoins such as USDT, USDC and DAI on the Ethereum mainnet in MetaMask for some time now, but the latest update also allows them to make bank transfers and use credit/debit cards to buy crypto using more than 60 global currencies.

Exact payment methods and fees vary depending on the location. Earlier this month, OpenSea and MetaMask blocked users from countries including Iran and Venezuela after both platforms cited compliance issues. It was later confirmed that Ethereum’s Infura cut off users to separatist areas in Ukraine, accidentally blocking Venezuelan users as well.

Just this week, the EU Parliament announced its intention to extend checks to cover privately managed unhosted wallets, including MetaMask, despite fears that such rules could prove unenforceable.

OpenSea Updates Banned Countries List, Sparking Decentralisation Debate

OpenSea, the world’s largest NFT marketplace, has updated its list of banned countries in line with the US sanctions list, prompting many to raise the issue of decentralisation.

US-based OpenSea has reportedly begun barring Iranian users from its platform, which has led to outrage from NFT collectors and sparked a fresh debate regarding decentralisation in the crypto space. The list has expanded since last week: Iran was added after initially only users in separatist areas of Ukraine had been banned, along with users from Venezuela, who were added to the list in error.

The Office of Foreign Assets Control (OFAC) of the US Department of the Treasury administers and enforces economic and trade sanctions based on US foreign policy and national security goals against targeted foreign countries and regimes, terrorists, international narcotics traffickers, those engaged in activities related to the proliferation of weapons of mass destruction, and other threats to the national security, foreign policy or economy of the US.

US Office of Foreign Assets Control

Iranian Artist Vents to 4,700 Followers

Last week, Iranian users of OpenSea woke up and started posting on Twitter that their accounts had been deactivated or deleted without prior warning from the platform. “Bornosor”, an NFT artist from Iran, vented his frustrations to 4,700 followers in a tweet that gained traction very swiftly, garnering 342 retweets and 1,000+ likes within just a few hours:

According to an OpenSea spokesperson, OpenSea reserves the right to block users based on sanctions:

“Our terms of service explicitly prohibit sanctioned users or users in sanctioned territories from using our services. We have a zero-tolerance policy for the use of our services by sanctioned individuals or entities and people located in sanctioned countries. If we find individuals to be in violation of our sanctions policy, we take swift action to ban the associated accounts.”

As it stands, current US sanctions outline that American companies are not allowed to provide goods or services to any users based in countries on the sanctions list, including Iran, North Korea, Syria, and now also Russia:

Actions from OpenSea Provoke Decentralisation Debate

The actions taken by OpenSea have fostered new debates about whether large blockchain-based firms and services are adequately decentralised, with the MetaMask wallet joining in on enforcing sanctions:

According to MetaMask’s Twitter account, Venezuelan users were accidentally banned from accessing their wallets after blockchain development company Infura inadvertently broadened the scope of its sanctions to the South American country.

OpenSea and MetaMask Block Users from ‘Some’ Countries

MetaMask wallet and OpenSea users from Iran and Venezuela have been blocked from making Ethereum transactions after the platforms cited compliance issues. It was later confirmed that Ethereum’s Infura cut off users to separatist areas in Ukraine, accidentally blocking Venezuelan users as well.

Users in Iran and Venezuela began reporting problems this week with accessing their digital wallets, with hordes of users saying none of their transactions sent through MetaMask was realised.

The first instances of bans were noticed on the NFT platform OpenSea, which reportedly locked and deactivated several Iranian users. Users from Venezuela began reporting problems with accessing their own wallets soon after, with thousands of messages popping up on social media.

The issue was briefly addressed by MetaMask on its support page, saying that MetaMask and Infura would be unavailable in certain jurisdictions due to legal compliance issues. When attempting to use MetaMask in one of those regions, users received a message stating that MetaMask was unable to connect to the blockchain host.

While users were able to see their MetaMask balances and transaction histories, any attempt to interact with the Ethereum network was blocked, meaning that the ban stemmed from Infura, the Ethereum API infrastructure developed by ConsenSys.

Iran Users Blocked from OpenSea

MetaMask and Infura are not alone. Reports are also circulating on social media of users from Iran being blocked on OpenSea:

In response to the previous tweet, NFT artist Parin Heidari also reported that her NFT collection on OpenSea was showing 404s.

These episodes follow a recent call from Ukraine’s Vice Prime Minister for crypto exchanges to block Russian users.