Over the past week, users of the MetaMask cryptocurrency wallet have been losing funds due to phishing scams that attracted potential victims through Google search ads.


MetaMask has a community of over a million users. The site offers a wallet for the Ethereum cryptocurrency in the browser via a browser extension that allows distributed applications to read data from the blockchain.


When installing a legitimate extension, you can either import an existing wallet or create a new one along with a secret initial phrase that allows access to the wallet.


While it’s unclear how many MetaMask users fell for the Scam, some say they were left with empty wallets after clicking on a fraudulent search ad promoted as a MetaMask site.


The phishing / advertising Scam is still active, and the new domain is constantly being promoted through Google search ads. On Wednesday, MetaMask warned its community about fraud and recommended using direct links to a legitimate URL metamask.io and stay away from sponsored ads.

However, for some users, the warning came too late, as some users reported losses in the tens of thousands of US dollars. This week, complaints started coming in, all stories describing the same scenario: money was lost after trying to install the MetaMask browser extension.

It was found that users went to the fake phishing page MetaMask through Google ads. Once on the page, they are asked to install an extension that will allow them to either import an existing wallet or create a new one.

If they click the “Create wallet” button, they will be taken to the real site MetaMask.io because there is no cryptocurrency that can be stolen. However, if they click on the “Import wallet” option, they will be prompted to enter the keyword of their existing wallet, which will then be sent to the attacker.


As soon as the fraudster received the initial phrase, they proceeded to empty the victims ‘ wallets. In response to MetaMask’s warning on Twitter, one user said that almost $ 30,000 had been stolen from Him.


Scammers bought Google ads to target users who search for MetaMask in the Google search engine. These ads led to the appearance of a fraudulent domain posing as a cryptocurrency service. They have registered several domains for the Scam, which is currently ongoing, as shown in the screenshot below taken by BleepingComputer:

Domain maskmefa.io currently promoted in search advertising when searching for MetaMask on Google. The spelling of the service in the ad title should be a red flag, but most users will probably miss this (note the Russian letter ” K ” and the space before the top-level domain). A Whois search on DomainTools shows that it was registered only yesterday.


Users who end up on fraudulent sites will find it difficult to detect fraud because it looks almost identical to a legitimate MetaMask page. Even if they check the domain in the address bar, there is a high probability of falling for the trick. The only difference between the original MetaMask site and the fake One is invisible to most users (the label on the button for getting an extension).


Fraud and malware attacks are more frequent during the holiday season, when consumers spend more on discounts or special offers and are more easily distracted.


It was also discovered that malicious ads were also placed on Microsoft Bing and Yahoo…

Leave a Reply

Your email address will not be published. Required fields are marked *

GPD Host Contacts
GPD Host Social
Pay with Confidence

Copyright © 2015 - 2020 GPD Host All right reserved.

Warning: Invalid argument supplied for foreach() in /var/www/vhosts/blog.gpdhost.com/httpdocs/wp-includes/script-loader.php on line 2652