Rotten Seed Phrases: a New Scam Targeting Crypto Users

Jordan Spence · Published in MetaMask · 3 min read · Dec 10, 2020

Only get MetaMask from metamask.io. Always get the link from a place you trust.

Ads and search engine results are not a reliable way to identify that you are installing the real version of a wallet. Take this opportunity right now to bookmark metamask.io as your exclusive source of MetaMask software and support.

In recent days, Web3 users across many wallets, devices, and platforms have experienced a barrage of phishing attacks, including malicious websites that pay for ads to appear high in search results. While investigating, we discovered that one tactic is especially prevalent: fake and malicious websites that attempt to trick users into installing the wallet using a compromised seed phrase that the attacker has access to. Here, we’d like to inform users about the nature of this attack, and how to avoid it.

In a rotten seed phrase attack, a malicious website mimics the website of the wallet the user is trying to install. The fake website takes the user through an imitation of the wallet’s onboarding flow directly inside of the scammer’s website (instead of where it would typically occur after the wallet is installed).

Toward the end of the fake onboarding process, the user is instructed to back up their seed phrase as normal. However, the seed phrase provided was previously generated by the scammer. After backing up this rotten seed phrase, the user is taken to the wallet’s real website, and is instructed by the scammer to install the wallet and import the rotten seed phrase.

At this point, although the user has the real wallet installed, the scammer has complete access to all of the user’s accounts. The scammer waits for the user to add funds to their wallet, and then drains the accounts.

Recently, these malicious pre-phishing scams have been promoted via paid ads on Google and other search engines linking to fake versions of wallet websites. We have reported the behavior to those search engines and look forward to their action. Ads and search engine results are not a reliable way to identify that you are installing the real version of a wallet. Take this opportunity and bookmark metamask.io right now as your exclusive source of MetaMask software and support.

MetaMask’s official website is metamask.io. Our browser extension can be found in the Google Chrome, Mozilla Firefox, and Microsoft Edge stores, and our mobile app can be installed directly from the Apple App Store or the Google Play Store.

We will never ask you for your seed phrase, nor host a website that provides you with a seed phrase. We do not provide support on Telegram, because of the prevalence of scams on Telegram. The same applies to hardware wallets. Never generate a seed phrase for your hardware wallet on a third-party website, or share the seed phrase of your hardware wallet with anyone.

If you recently installed a crypto wallet that you found via a search engine advertisement where you were taken through an onboarding journey on a website, you may be compromised. If you believe that your seed phrase is compromised, you must immediately move your funds to an account created from a safe seed phrase. One simple way to check if you may be affected is to search your browsing history for when you installed MetaMask, and see if you arrived at a site other than metamask.io.
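The browsing-history check described above can be scripted. The following is an added example, not MetaMask's own tooling: it assumes a copy of a Chrome `History` SQLite file (Chrome locks the live one) with its `urls` table, and the sample rows, the `.example` hostnames and the keyword match on "metamask" are constructed for illustration.

```python
import sqlite3
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit

OFFICIAL = "metamask.io"   # the only official site named in this post
KEYWORD = "metamask"       # assumption: lookalike pages mention the wallet name

def is_official(host):
    """True only for metamask.io or a subdomain of it, not 'metamask.io.other.tld'."""
    host = host.lower().rstrip(".")
    return host == OFFICIAL or host.endswith("." + OFFICIAL)

def chrome_time(us):
    """Chrome stores timestamps as microseconds since 1601-01-01 UTC."""
    return datetime(1601, 1, 1, tzinfo=timezone.utc) + timedelta(microseconds=us)

def suspicious_visits(conn):
    """Return (time, host, url) for rows that mention the wallet but are off the official domain."""
    rows = conn.execute("SELECT url, title, last_visit_time FROM urls ORDER BY last_visit_time")
    hits = []
    for url, title, ts in rows:
        host = urlsplit(url).hostname or ""
        text = (host + " " + (title or "")).lower()
        if KEYWORD in text and not is_official(host):
            hits.append((chrome_time(ts), host, url))
    return hits

def sample_history():
    """Constructed rows using only the columns of Chrome's urls table that the check needs."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE urls (url TEXT, title TEXT, last_visit_time INTEGER)")
    conn.executemany("INSERT INTO urls VALUES (?, ?, ?)", [
        ("https://metamask.io/download.html", "MetaMask Download", 13252000000000000),
        ("https://metamask-wallet.example/start", "MetaMask - Get Started", 13252000100000000),
        ("https://metamask.io.setup.example/", "Install MetaMask", 13252000200000000),
        ("https://news.example/article", "Weather today", 13252000300000000),
    ])
    return conn

if __name__ == "__main__":
    for when, host, url in suspicious_visits(sample_history()):
        print(when.isoformat(), host, url)
```

To run it on real data, replace `sample_history()` with `sqlite3.connect()` on the copied file. The output is a list to review by hand: search result pages and extension store listings that mention the wallet will also appear in it.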

To move your funds to a secure copy of MetaMask, install MetaMask directly from our site, metamask.io, in a second web browser or browser profile, and transfer your funds from your previous install, sending ETH last so you can pay for gas.
