After major blockchains underwent major upgrades – The Merge on Ethereum and Vasil on Cardano – the number of scams related to the cryptocurrency wallet increased. The target is above all MetaMask, one of the most targeted wallets by scammers and hackers. The main scam in this regard involves a fake update. Hackers take advantage of blockchain updates and warn that the wallets have suffered security breaches. To solve the problem, attackers say that users need to click on a link and update their wallets. However, both the failure alert and the link sent are false. Anyone who clicks on these links is taken to a fake wallet application controlled by hackers, who ask users to enter the wallet’s private key. But in doing so, the user runs the risk of losing their funds altogether. The most recent scam came from a Twitter account “@MetaMaskUpdates” which passes for an official MetaMask updates account. But what it does is create a trap to withdraw funds from those who end up believing in the supposed veracity of the alerts. This Wednesday (28), the fake account alerted users to a critical security issue with the MetaMask protocol. According to the message, the issue allows attackers to withdraw assets from any user’s wallet without having a password or recovery phrase. Furthermore, the profile advised users to immediately update MetaMask to mitigate issues and protect their funds.
Scam with MetaMask are security issues
The fraudulent Twitter account uses the name of Jen Luker, security project manager at MetaMask, to alert users to the critical security issue facing the protocol. It claims that users who do not update the MetaMask app or web software risk losing all assets in their MetaMask wallet. As determined by CriptoFácil, the fake Twitter account has 22,100 followers at the time of writing. To give an air of credibility, the account retweeted several messages posted by the official MetaMask profile. But the link mentioned on the Twitter account and on the website contains security risks and spelling errors. Even so, several users seem to have fallen for the scam, as the original MetaMask reportedly received more than 50,000 complaints. In all of them, users report having lost digital assets, cryptocurrencies and NFTs, all stolen from their wallets. “Earlier this month, we received alerts of an exploit that allows malicious actors to abuse the MetaMask identification protocol and strip all assets from users’ wallets without having access to the password or recovery phrase,” MetaMask said. The scam also detailed how attackers misused two functions within the MetaMask extension code to strip any user of their assets. However, the security team has developed an update to fix this critical vulnerability. As attackers are actively exploiting the issue, all users are required to immediately update their MetaMask extensions. And this need to update opens the door for scams, so MetaMask warns: do not download anything other than from official MetaMask websites.
Quaffles take advantage of updates
Hits appear to have increased amid updates to the Ethereum and Cardano hard forks. Security platform PeckShield also warned users about a scam involving fake airdrops on MetaMask that surfaced on September 22. Recently, the Twitter account of Indian exchange CoinDCX was compromised and explorers shared links to an XRP distribution. But it was another fraud. This came as the price of XRP skyrocketed in response to Ripple’s case against the United States Securities and Exchange Commission (SEC). Also Read: Luna Foundation Guard Denies Selling Bitcoins After Do Kwon Arrest Order Read Also: OpenSea Pays R$1 Million Reward To Ethical Hackers For Finding Vulnerability
