Quadriga Initiative

Dec 2020 - MetaMask Phishing InstallMetaMask.com - $Unknown (Global)

"A crypto wallet & gateway to blockchain apps" "Start exploring blockchain application in seconds. Trusted by over 1 million users worldwide."

"[A] fraudulent extension redirects victims to installmetamask.com, which is not an official site of Metamask. Per Whois information, the web domain was registered on November 29, 2020. Ciphertrace found out the first mention in Twitter of the fraudulent domain from a user who asked Metamask team about the site’s authenticity"

"According to an alert published by Ciphertrace, since December 2, 2020, they have been noticing “an uptick of alerts and comments” about crypto funds stolen via a Chrome browser extension posing as the ethereum (ETH)-based wallet Metamask."

"U.S.-based Ciphertrace posted an update on December 3, 2020, detailing that phisher behind Metamask’s fake extension keeps buying sponsored ads on Google, which appear when people search for “metamask” term."

"@Google is allowing a phisher to buy sponsored ads on their search results. When using crypto, try to use direct links, and if you need to use search, watch out for sponsored links."

Further Analysis

Users looking to install MetaMask may search Google and click the top result, a sponsored link that claims to be the MetaMask website. If they install the extension offered there and set up a new wallet, any funds sent to it are drained. If they instead choose to restore an existing wallet, all of their current funds are drained as well. In both cases the cause is the same: they installed malware instead of the actual MetaMask extension.

How Could This Have Been Prevented?

Never install a wallet through sponsored ads.
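The same rule can be applied to any link before installing from it. The check below is an added example, not part of the original write-up. It assumes metamask.io is MetaMask's official domain (not stated on this page), and every sample URL other than installmetamask.com is constructed.

```python
from urllib.parse import urlsplit

# Assumption (not stated on the page): metamask.io is the official domain.
OFFICIAL_DOMAINS = {"metamask.io"}
BRAND = "metamask"


def hostname_of(url: str) -> str:
    """Return the lower-cased hostname without port or trailing dot."""
    if "://" not in url:
        url = "https://" + url  # accept bare hostnames as typed or logged
    host = urlsplit(url).hostname or ""
    return host.rstrip(".").lower()


def classify(url: str) -> str:
    """Classify a link as 'official', 'lookalike' or 'unrelated'."""
    host = hostname_of(url)
    for domain in OFFICIAL_DOMAINS:
        # Exact match or a true subdomain only. A bare suffix test would
        # wrongly accept a host such as "evilmetamask.io".
        if host == domain or host.endswith("." + domain):
            return "official"
    # Brand name inside a non-official hostname, with separators removed
    # so that "meta-mask" style spellings are caught as well.
    if BRAND in host.replace("-", "").replace(".", ""):
        return "lookalike"
    return "unrelated"


def flagged(urls):
    """Return the links that use the brand name but are not official."""
    return [u for u in urls if classify(u) == "lookalike"]


# Constructed sample links, plus the domain named in the report above.
SAMPLE = [
    "https://metamask.io/download",
    "https://installmetamask.com/",
    "https://metamask.io.example.net/",   # official name used as a subdomain
    "https://example.org/metamask",       # brand only in the path
    "install-meta-mask.example",
]

if __name__ == "__main__":
    for link in flagged(SAMPLE):
        print("do not install from:", link)
```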


Sources/Further Reading

Fraudulent Crypto Browser Extension Redirects to a Fake Metamask Domain – News Bitcoin News (Dec 31)
@CryptoPhishing Twitter (Dec 31)
@diegomazoro Twitter (Dec 31)
@johnnyehl Twitter (Dec 31)
@polos_kucing Twitter (Dec 31)
@davejevans Twitter (Dec 31)

