Cryptocurrency wallet provider MetaMask has alerted its users of a new phishing bot that attempts to steal their seed phrases.
Within an official tweet published today on Monday, MetaMask warned users that the bot attempts to direct users to a purported “instant support” portal where they’re prompted to enter information into a Google Docs form.
The form asks for the key recovery phrase that will be used to respawn users’ crypto wallets. MetaMask outlined that it doesn’t have a Google Docs-based network, urging users to hunt support from the “Get Help” option within the MetaMask app itself to avoid being scammed.
MetaMask also encourages users to report scams impersonating the wallet and its services, noting users can do so within the app.
Despite MetaMask warning its users of the phishing bot, a number of its users appear to possess already been scammed, with one Twitter user replying: “So there’s no way to get back our token right?”
Due to its popularity, MetaMask is one of the highest targets for hackers and scammers. Earlier on Tuesday, the developer behind the wallet, ConsenSys, outlined that it had hit a record 5 Mln active monthly users.
Phishing attacks are a social engineering technique employed by scammers to lure users into completing an action that reveals personal information or account details.
Also earlier in December last year, MetaMask detailed a “rotten seed phrase attack,” within which a malicious website mimics the website of the wallet the user is trying to install. The fake website generates a seed phrase that permits the scammers to regulate the wallet once it’s been installed.
It is not just beginner users who may fall victim to phishing scams, with a hacker fooling Nexus Mutual founder Hugh Karp into transferring roughly 370k NXM [Nexus Mutual tokens] worth $8 Mln to a wallet beneath their management at the end of last year.
Ledger users have also been inundated with phishing attempts, with two major breaches of company servers leading to the leaking of private data along with email addresses, phone numbers, and even physical addresses.