DESCRIPTION OF EVENTS
"A crypto wallet & gateway to blockchain apps" "Start exploring blockchain application in seconds. Trusted by over 1 million users worldwide."
"[A] fraudulent extension redirects victims to installmetamask.com, which is not an official site of Metamask. Per Whois information, the web domain was registered on November 29, 2020. Ciphertrace found out the first mention in Twitter of the fraudulent domain from a user who asked Metamask team about the site’s authenticity"
"According to an alert published by Ciphertrace, since December 2, 2020, they have been noticing “an uptick of alerts and comments” about crypto funds stolen via a Chrome browser extension posing as the ethereum (ETH)-based wallet Metamask."
"U.S.-based Ciphertrace posted an update on December 3, 2020, detailing that phisher behind Metamask’s fake extension keeps buying sponsored ads on Google, which appear when people search for “metamask” term."
"@Google is allowing a phisher to buy sponsored ads on their search results. When using crypto, try to use direct links, and if you need to use search, watch out for sponsored links."
Users looking to install MetaMask may search Google and click the top result, a sponsored link that claims to be the MetaMask website. After they install the extension offered there and set up a wallet, any funds sent to that wallet would be drained. If they choose to restore an existing wallet, all their current funds would also be drained. This is because they installed malware instead of the actual MetaMask extension.
HOW COULD THIS HAVE BEEN PREVENTED?
Never install a wallet through sponsored ads.
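The advice above, and the quoted guidance to use direct links, can be expressed as a check that runs before a link is followed. This is an added example, not code from the original page or from MetaMask; it assumes metamask.io is the official domain (the page names only the fraudulent one), and classifyWalletLink and the sample links are constructed for illustration.

```javascript
// Added example (not from the original page or the MetaMask project).
// Assumption: metamask.io is the official domain; the page names only the
// fraudulent installmetamask.com.
const OFFICIAL_DOMAIN = "metamask.io";
const BRAND = "metamask";

// Classify a link before following it. Returns one of:
// "invalid", "insecure", "official", "lookalike", "unrelated".
function classifyWalletLink(link) {
  let url;
  try {
    url = new URL(link);
  } catch {
    return "invalid";
  }
  if (url.protocol !== "https:") return "insecure";

  // url.hostname ignores any "user@" prefix and is already lower-cased;
  // strip a trailing root dot so "metamask.io." compares equal.
  const host = url.hostname.replace(/\.$/, "");

  // Official only on an exact match or a true subdomain of the official domain.
  if (host === OFFICIAL_DOMAIN || host.endsWith("." + OFFICIAL_DOMAIN)) {
    return "official";
  }

  // The brand name anywhere else in the host (ignoring dots and hyphens)
  // means the site borrows the name without being the official domain.
  if (host.replace(/[^a-z0-9]/g, "").includes(BRAND)) return "lookalike";

  return "unrelated";
}

// Constructed sample links; only installmetamask.com comes from the page.
const samples = [
  "https://metamask.io/download",
  "https://installmetamask.com/",
  "https://metamask.io@installmetamask.com/",
  "https://metamask.io.example.com/",
  "https://example.org/",
];
for (const s of samples) console.log(classifyWalletLink(s).padEnd(9), s);
```

A substring test for "metamask" alone would accept the fraudulent domain; the exact-match and subdomain comparison is what separates the two.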
Fraudulent Crypto Browser Extension Redirects to a Fake Metamask Domain – News Bitcoin News (Oct 10)
@CryptoPhishing Twitter (Jul 24)
@diegomazoro Twitter (Jul 24)
@johnnyehl Twitter (Jul 24)
@polos_kucing Twitter (Jul 24)
@davejevans Twitter (Jul 24)