MetaMask Phishing Campaign Drains Hundreds of Wallets

A phishing campaign that targeted MetaMask users has been successful in draining hundreds of wallets, clearing over $9 million in just a week. The attack, which was identified by on-chain investigator ZachXBT, impersonated the MetaMask service and claimed that a 'mandatory' system upgrade was required.

The attackers used a sophisticated approach to deceive victims, including high-quality impersonation of the MetaMask website and use of legitimate-sounding urgency. They also deployed drainer contracts on multiple EVM chains, including Ethereum, Polygon, Arbitrum, and Base, making it difficult for users to detect the attack.

Fortunately, there are steps that can be taken to protect against such attacks. Users should be cautious when receiving emails or notifications about 'mandatory upgrades' and should always verify the authenticity of the message by typing the official URL into their browser. Additionally, users should regularly revoke unused token approvals and use a hardware wallet for storing large amounts of cryptocurrency.