Government sites hijacked to trick Metamask users

Crypto scammers have a new tactic: hijacking official government websites to lure investors. The main target is users of the MetaMask wallet on the Ethereum network. How do these scams work, and how can you protect yourself against them?

How are hijacked official websites used in attacks on MetaMask users?

You are probably familiar with MetaMask, the world's most widely used crypto wallet, built for the Ethereum blockchain and EVM-compatible networks. It has been a favourite target of cybercriminals for some time. According to an investigation by Cointelegraph, scammers are setting up fraudulent websites that imitate MetaMask in order to trick users into handing over access to their wallets.

The attackers did not stop there. The scheme became more elaborate when official websites from countries such as India, Nigeria and Brazil were hijacked for malicious purposes. URLs on these government sites are manipulated so that they redirect visitors to fake versions of MetaMask. Because the link a victim sees starts with a trusted government domain, the lure plays on the trust naturally placed in official institutions.

When users take the bait and click one of these malicious URLs, they are redirected to a fake site. Some security mechanisms, such as Microsoft Defender SmartScreen, may warn the user, but anyone who ignores the alert is faced with a deceptive interface closely resembling the real MetaMask website. The simplest tell is the address bar of the final page: it no longer shows the government domain, and it is not metamask.io.
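The page does not describe exactly how the government URLs were manipulated, so the following is an added example (not code from the article or from MetaMask) that assumes the common pattern: a redirect-style query parameter on a trusted domain carrying an off-site destination. It classifies a link before it is clicked by extracting any absolute URL embedded in the query string, comparing the destination with the official metamask.io domain, and flagging lookalike hostnames that merely contain "metamask". The sample URLs are constructed for the example and do not correspond to any real site.

```python
from urllib.parse import urlparse, parse_qs, unquote

# The genuine MetaMask domain. Everything else is treated as untrusted.
OFFICIAL_METAMASK_HOSTS = {"metamask.io"}


def _is_official(host: str) -> bool:
    """True only for metamask.io itself or one of its subdomains."""
    host = host.lower().rstrip(".")
    return any(host == h or host.endswith("." + h) for h in OFFICIAL_METAMASK_HOSTS)


def embedded_redirect_targets(url: str) -> list[str]:
    """Return every absolute URL smuggled through the query string of `url`.

    Handles percent-encoded values (e.g. redirect=https%3A%2F%2F...) and
    scheme-relative targets (//host/path), which browsers also follow.
    """
    parsed = urlparse(url)
    targets = []
    for values in parse_qs(parsed.query, keep_blank_values=True).values():
        for value in values:
            value = unquote(value)  # second decode catches double-encoded lures
            if value.lower().startswith(("http://", "https://", "//")):
                targets.append(value)
    return targets


def classify_link(url: str) -> tuple[str, str]:
    """Classify a link a user is about to click. Returns (verdict, reason)."""
    parsed = urlparse(url)
    host = parsed.hostname or ""

    # 1. An off-site destination carried in a redirect parameter is the
    #    hijacked-government-site pattern: the visible domain is trusted,
    #    the place the browser ends up is not.
    for target in embedded_redirect_targets(url):
        absolute = "https:" + target if target.startswith("//") else target
        target_host = urlparse(absolute).hostname or ""
        if not _is_official(target_host):
            return ("suspicious", f"{host} redirects off-site to {target_host}")

    # 2. A hostname that contains 'metamask' but is not metamask.io is a
    #    lookalike (metamask.io.example, metamask-wallet.example, ...).
    if "metamask" in host.lower() and not _is_official(host):
        return ("suspicious", f"lookalike domain {host}")

    # 3. The real site is only ever served over HTTPS.
    if _is_official(host):
        if parsed.scheme == "https":
            return ("official", host)
        return ("suspicious", f"official host {host} over plain http")

    return ("unknown", host)


if __name__ == "__main__":
    # Constructed sample links for the example (not real government URLs).
    samples = [
        "https://portal.gov.example/login?redirect=https%3A%2F%2Fmetamask-wallet.example%2Frestore",
        "https://portal.gov.example/out?next=//metamask.io.example/download",
        "https://metamask.io/download/",
        "https://portal.gov.example/page",
    ]
    for link in samples:
        verdict, reason = classify_link(link)
        print(f"{verdict:10} {reason}")
```

The redirect check runs before the lookalike check on purpose: a victim's eye stops at the trusted government host, so the destination hidden in the parameter is what must be judged, not the visible domain. The same function generalises to any brand by changing OFFICIAL_METAMASK_HOSTS and the substring used for the lookalike test.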

MetaMask responds proactively to phishing threats

MetaMask was informed of these scam attempts. In response, the company pointed to the growing appeal of Web3, which has become a prime target for fraudsters because of the value it moves and its still immature regulatory framework. Consensys, the company behind MetaMask, says it is stepping up its efforts to protect users by integrating new detection heuristics so that similar campaigns can be identified and blocked as soon as they appear. It also urges users to report any attempted scams they encounter.

“We are integrating various heuristics (metadata, indicators, TTP, etc.) related to this ongoing malicious campaign into our detection systems, in the hope of identifying other similar attacks as soon as they start and acting to neutralize them before they reach our users, or at least reduce their impact.”

MetaMask statement

If a wallet may have been compromised, MetaMask recommends that users immediately stop using the exposed Secret Recovery Phrase and generate a new one from a secure device. Since the phrase controls the keys, any funds still in the old wallet should be moved to the new one. It is also essential to note that MetaMask never asks its users for "Know Your Customer" (KYC) information: any page or message requesting identity documents, or the recovery phrase itself, is a scam.

The rapid emergence of Web3 certainly offers new opportunities, but it also introduces new risks, exploited by dishonest actors. Constant vigilance is therefore crucial, particularly when it comes to the security of crypto assets. Although entities such as MetaMask are working hard to secure their ecosystem, the first line of defense is still caution and user education.