Published in


Rotten Seed Phrases: a New Scam Targeting Crypto Users

Only get MetaMask from Always get the link from a place you trust.

Ads and search engine results are not a reliable way to identify that you are installing the real version of a wallet. Take this opportunity right now to bookmark as your exclusive source of MetaMask software and support.

In recent days, Web3 users across many wallets, devices, and platforms have experienced a barrage of phishing attacks, including malicious websites that pay for ads to appear high in search results. While investigating, we discovered that one tactic is especially prevalent: fake and malicious websites that attempt to trick users into installing the wallet using a compromised seed phrase that the attacker has access to. Here, we’d like to inform users about the nature of this attack, and how to avoid it.

In a rotten seed phrase attack, a malicious website mimics the website of the wallet the user is trying to install. The fake website takes the user through an imitation of the wallet’s onboarding flow directly inside of the scammer’s website (instead of where it would typically occur after the wallet is installed).

Toward the end of the fake onboarding process, the user is instructed to backup their seed phrase as normal. However, the seed phrase provided was previously generated by the scammer. After backing up this rotten seed phrase, the user is taken to the wallet’s real website, and is instructed by the scammer to install the wallet and import the rotten seed phrase.

At this point, although the user has the real wallet installed, the scammer has complete access to all of the user’s accounts. The scammer waits for the user to add funds to their wallet, and then drains the accounts.

Recently, these malicious pre-phishing scams have been promoted via paid ads on Google and other search engines linking to fake versions of wallet websites. We have reported the behavior to those search engines and look forward to their action. Ads and search engine results are not a reliable way to identify that you are installing the real version of a wallet. Take this opportunity and bookmark right now as your exclusive source of MetaMask software and support.

MetaMask’s official website is, our browser extension can be found in the Google Chrome, Mozilla Firefox, and Microsoft Edge stores, and our mobile app can be installed directly from the Apple App Store or the Google Play Store.

We will never ask you for your seed phrase, nor host a website that provides you with a seed phrase. We do not provide support on Telegram, because of the prevalence of scams on Telegram. The same applies to hardware wallets. Never generate a seed phrase for your hardware wallet on a third-party website, or share the seed phrase of your hardware wallet with anyone.

If you recently installed a crypto wallet that you found via a search engine advertisement where you were taken through an onboarding journey on a website, you may be compromised. If you believe that your seed phrase is compromised, you must immediately move your funds to an account created from a safe seed phrase. One simple way to check if you may be affected is to search your browsing history for when you installed MetaMask, and see if you arrived at a site other than

To move your funds to a secure copy of MetaMask, install MetaMask directly from our site,, in a second web browser or browser profile, and transfer your funds from your previous install, sending ETH last so you can pay for gas.




MetaMask is a bridge that allows you to visit the distributed web of tomorrow in your browser today. It allows you to run Ethereum dApps right in your browser without running a full Ethereum node.

Recommended from Medium

{UPDATE} Farm Animal Hospital 3 Hack Free Resources Generator

Cybersecurity and the 21st Century: The Most Notorious Cyberattacks of The Past Two Decades

Anyswap Multichain Router V3 Exploit Statement

{UPDATE} Halloween-noita ja velho Hack Free Resources Generator

Everest: The Inception of Project Identities

Merlin — $200,000 USDT Bounty Reward Program

What, Really, is Cyber Deception?

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store


Writer, team MetaMask.

More from Medium

Create a Polygon Network Wallet

Crypto FAQ | DragonFi

AAX Integrates FIO Send to Simplify Cryptocurrency Transactions

Introducing the Air-gapped Signing Function