MetaMask reports new “fake two-factor authentication” phishing scam; being tricked into entering the mnemonic phrase is the greatest risk
MetaMask users are facing a new, well-disguised phishing scam. Blockchain security firm SlowMist warns that attackers are using the pretext of “enabling two-factor authentication (2FA)” to induce users to hand over their wallet seed phrases voluntarily, which lets the attackers steal the assets directly. This type of MetaMask phishing scam is highly targeted and poses a real threat to the security of cryptocurrency users.
According to the disclosure, victims usually receive an email disguised as an official MetaMask communication, complete with branding and security tips, claiming that users need to enable two-factor authentication immediately to “protect asset security.” To create a sense of urgency, the email often includes a countdown timer, pressuring users to click the “Enable Now” button quickly.
Once the link is clicked, users are redirected to a fake page set up by the attacker. The page looks highly authentic, and its sole purpose is to trick users into entering their wallet seed phrases. Because a seed phrase is equivalent to the highest level of permission over the wallet, once it is disclosed attackers can transfer the assets within a short period, with almost no chance of recovery.
Such phishing emails are not without flaws, however. Security personnel point out that scam pages and emails often contain subtle anomalies, such as spelling errors, inconsistent design details, or disguised domain names. In this incident, the domain name users are directed to is “mertamask,” not the official “metamask.” Additionally, the emails are often sent from unrelated accounts, sometimes even from public email domains like Gmail.
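The two anomalies described above (a link host that imitates the brand and a branded sender on a public mail domain) can be checked automatically when triaging a reported email. The following is an added example, not code from MetaMask or SlowMist; the allow-list, the free-mail list, the finding names and the sample message with its `.example` host are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

BRAND = "metamask"                  # brand label named in the article
OFFICIAL_DOMAINS = {"metamask.io"}  # assumption: allow-list kept by the defender
FREE_MAIL = {"gmail.com", "outlook.com", "yahoo.com"}  # assumption: sample list

# Constructed sample message; the .example host is a placeholder.
SAMPLE = """\
From: MetaMask Support <security.notice@gmail.com>
Subject: Enable 2FA now

Enable two-factor authentication within 24 hours:
https://mertamask.example/2fa
"""

def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def host_findings(host):
    """Flag hosts that carry or imitate the brand outside the allow-list."""
    host = host.lower().split("@")[-1].split(":")[0].rstrip(".")
    if any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS):
        return []
    out = []
    for label in host.split("."):
        d = edit_distance(label, BRAND)
        if d <= 2:  # 0 = exact brand on a foreign domain, 1-2 = near miss
            out.append(("lookalike-domain:" if d else "brand-on-unofficial-domain:") + host)
    return out

def triage(raw):
    """Return findings for one raw, single-part text email."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rpartition("@")[2].lower()
    findings = []
    if BRAND in name.lower() and sender_domain in FREE_MAIL:
        findings.append(f"brand-name-from-free-mail:{sender_domain}")
    for host in sorted(set(re.findall(r"https?://([^/\s\"'>]+)", msg.get_payload()))):
        findings += host_findings(host)
    return findings
```

Calling `triage(SAMPLE)` returns both findings for the constructed message; a host on the allow-list returns an empty list.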
It is especially important to emphasize that MetaMask will never ask users to verify accounts, enable security features, or input seed phrases via email. Any such request is almost certainly a scam.
This is not an isolated incident. Recently, cryptocurrency users have encountered multiple phishing and malware attacks, including fake MetaMask app updates, malicious code embedded in Trust Wallet browser extensions, and fake Eternl Desktop applications targeting Cardano users. These attacks cover multiple EVM-compatible networks and affect a large number of victims.
Although Scam Sniffer data shows that the overall losses from cryptocurrency phishing scams in 2025 have decreased by nearly 88% year-over-year, security experts warn that attack methods are becoming more sophisticated and “credible.” For MetaMask users, the most critical security principle remains unchanged: never disclose seed phrases to any website or email, and always obtain wallet updates and security information through official channels.