Listen to the episode
TLDR
A new phishing campaign is targeting MetaMask wallet users by tricking them into handing over their secret recovery (seed) phrase. The fraudulent email pressures victims by claiming their wallet is at risk, then asks them to enter their 12...
How it works
A new phishing campaign is targeting MetaMask wallet users by tricking them into handing over their secret recovery (seed) phrase. The fraudulent email pressures victims by claiming their wallet is at risk, then asks them to enter their 12...
Red flags
- : Pressure tactic claiming your wallet is at imminent risk or compromised Any email or site asking you to type your secret recovery / seed phrase Recently registered look alike domain (captchasolve[.]help) used as the landing page Actions to take: Never enter your seed phrase on a website, no matter how urgent the message looks Verify MetaMask alerts only via the official extension/app or the metamask.io domain Report the email to your security team, mark as phishing, and rotate credentials if you already submitted any data
- move funds to a freshly generated wallet immediately
What to do
- 1Red flags: Pressure tactic claiming your wallet is at imminent risk or compromised Any email or site asking you to type your secret recovery / seed phrase Recently registered look alike domain (captchasolve[.]help) used as the landing page Actions to take: Never enter your seed phrase on a website, no matter how urgent the message looks Verify MetaMask alerts only via the official extension/app or the metamask.io domain Report the email to your security team, mark as phishing, and rotate credentials if you already submitted any data; move funds to a freshly generated wallet immediately
Source
FAQ
Is Phishing Campaign Targets MetaMask Users Asking for Secret Recovery Phrase a real scam pattern?
Yes. Treat the message, call, or payment request as suspicious until you verify it through an official channel.
What are the first warning signs?
: Pressure tactic claiming your wallet is at imminent risk or compromised Any email or site asking you to type your secret recovery / seed phrase Recently registered look alike domain (captchasolve[.]help) used as the landing page Actions to take: Never enter your seed phrase on a website, no matter how urgent the message looks Verify MetaMask alerts only via the official extension/app or the metamask.io domain Report the email to your security team, mark as phishing, and rotate credentials if you already submitted any data; move funds to a freshly generated wallet immediately
What should I do first?
Red flags: Pressure tactic claiming your wallet is at imminent risk or compromised Any email or site asking you to type your secret recovery / seed phrase Recently registered look alike domain (captchasolve[.]help) used as the landing page Actions to take: Never enter your seed phrase on a website, no matter how urgent the message looks Verify MetaMask alerts only via the official extension/app or the metamask.io domain Report the email to your security team, mark as phishing, and rotate credentials if you already submitted any data; move funds to a freshly generated wallet immediately
Can LegalAudit check my case?
Yes. Start a free chat and paste the message, link, sender, or payment details for triage.