Fake 2FA alerts used to steal MetaMask seed phrases

Beincrypto reports a new phishing campaign targeting MetaMask users that mimics a two-factor authentication (2FA) flow to trick victims into revealing their wallet seed phrases. SlowMist’s CSO highlighted the scam in a post on X, saying attackers send emails that appear to come from MetaMask Support, using professional branding such as the fox logo and color scheme and domains that differ from the official one by a single letter.

Victims who follow the phishing site are guided through a realistic security process and ultimately asked to enter their seed phrase as part of a supposed "2FA security verification." A seed phrase is the master key to a wallet: anyone with it can transfer funds without the owner’s approval, recreate the wallet on another device, gain full control over all associated private keys, and sign and execute transactions independently.

The scam has re-emerged as crypto activity and retail interest show early signs of recovery. Data in the report shows phishing losses fell about 83% in 2025 to roughly $84 million, down from nearly $494 million the prior year. "Phishing losses tracked closely with market activity.

Key Topics

Crypto, Metamask, Seed Phrase, Two-factor Authentication, Phishing Scam, Slowmist