MetaMask users targeted in fake 2FA security verification scam

Crypto wallet MetaMask has announced that its users were victims of a 2FA security verification phishing scam, urging users to be vigilant. The fake email requested that MetaMask users update their 2FA security verification credentials by January 4, 2026, or else they would have limited access to key wallet features. 

23pds, partner and CISO at blockchain security firm SlowMist, was among the first industry KOLs to issue this phishing notice on social media early on January 5. The security researcher also cautioned MetaMask users to remain vigilant when handling emails from the crypto wallet firm.

Scammers impersonating MetaMask security pages attempted to trick users into completing a two-factor authentication process, with the actual goal of stealing their mnemonic phrases. The scam process involved creating and sending out links to fake security alert pages, 2FA verification interfaces, and countdown prompts, ultimately requesting users to enter their wallets’ mnemonic phrases. 

Meskauskas explains how to avoid MetaMask 2FA scam 

Malware researcher and internet security professional Tomas Meskauskas released an article a little over a month ago explaining how to avoid the 2FA activation email phishing scam. The report urged MetaMask to always check and verify the sender’s email address, among other minor details. Specifically, users were warned not to blindly trust emails from companies that appear to be legitimate.

Last year, the Australian cybersecurity service provider MailGuard identified and blocked a phishing email claiming to detect unusual activity on MetaMask user accounts. The email also requested that recipients activate their 2FA authentication without delay to prevent their accounts from being temporarily disabled.  

MailGuard warned that one cleverly worded email is all it takes for scammers to steal sensitive data from users or spread malware attachments and links. The computer security firm advised all recipients of such emails from MetaMask to delete them immediately to protect their crypto assets.

MetaMask has experienced several similar attacks since the 2022 security flaw in Apple’s cloud storage, when reports of stolen funds surfaced on social media. The ConsenSys-backed crypto wallet disclosed that the stolen digital assets included NFTs worth 132.86 ETH (~$402,980) and over $250,000 worth of APE (Apecoin), totaling over $650,000 in losses.  

MetaMask needs proactive anti-phishing measures

The cybersecurity team from blockchain security firm Halborn previously urged MetaMask and other crypto-related companies to proactively establish processes for managing phishing attacks. According to Halborn, such crypto companies must have these processes in place since no one can detect every phishing email. 

The blockchain security firm further stated that it is also important for MetaMask and similar companies to initiate incident response immediately after a phishing attack on users is identified, to minimize potential damage. It also noted that having a professional incident response team on call can make a significant difference between a major attack and a non-event. 

Meanwhile, the Halborn cybersecurity team urged MetaMask users to make it a habit of always activating their 2FA or MFA through the official platforms and keeping them up to date. It also noted that email security systems can help to detect and block potential phishing attacks, and using multi-factor authentication minimizes the impact of compromised credentials. 

The MetaMask support team has also advised users that the company will never send random confirmation emails, even when their wallets are connected to their Google or Apple accounts. The team also clarified that the company never asks for its users’ Apple or Google account details. 

MetaMask also emphasized that it will not and cannot initiate email correspondence with users unless a special request is made through the support team. It categorically stated that it does not request secret recovery phrases from its users, regardless of the circumstances.

The smartest crypto minds already read our newsletter. Want in? Join them.