Whitemam8a MetaMask DuckDuckGo Phishing Scam
Notice: This page is a freshly imported case study from the original repository. The original content was in a different format, and may not have relevant information for all sections. Please help restructure the content by moving information from the 'About' and 'General Prevention' sections to other sections, and add any missing information or sources you can find. If you are new here, please read General Tutorial on Wikis or Anatomy of a Case Study for help getting started.
Reddit user whitemam8a was tricked into installing a malicious MetaMask wallet. After entering his seed phrase (part of the standard process of setting up a new wallet), he realized that all of his accounts were empty.
About whitemam8a
TBD
About MetaMask
"Today I was the victim of a Metamask phishing scam when trying to import a Metamask wallet to a new browser."
"While searching for Metamask on Duckduckgo the first two results displayed for me were scam Metamask websites that link to a nearly identical looking website. I imported my wallet over, and to my horror when I check the account it is empty. After double checking the url, I realized what had happened."
"The truly crazy part is that this isn't just duckduckgo that this is an issue for. Google and every other major search engine I tried ALL list these advertised scam Metamask websites as their first results. This is completely insane to me and I simply wish to bring this to attention. I realize I am not the most tech savvy person of all time but, I imagine many are in a similar position as I. From here on out I will at the very least be double checking ALL urls."
"Ad[d]itionally, I am curious if anyone else encountered this scam. If so what is my best course of action to resolve this issue? I have opened a ticket with Metmask and will report back what they have to say. I would imagine this is quite a common occurrence and if my suspicions are correct these types of incidents are only going to drive more people away from Ethereum, Metamask, and crypto in general."
This is a global/international case not involving a specific country.
The background of the exchange platform, service, or individuals involved, as it would have been seen or understood at the time of the events.
Include:
- Known history of when and how the service was started.
- What problems does the company or service claim to solve?
- What marketing materials were used by the firm or business?
- Audits performed, and excerpts that may have been included.
- Business registration documents shown (fake or legitimate).
- How were people recruited to participate?
- Public warnings and announcements prior to the event.
Don't Include:
- Any wording which directly states or implies that the business is/was illegitimate, or that a vulnerability existed.
- Anything that wasn't reasonably knowable at the time of the event.
There could be more than one section here. If the same platform is involved with multiple incidents, then it can be linked to a main article page.
The Reality
MetaMask phishing scams are common, especially through sponsored search results[1].
This sections is included if a case involved deception or information that was unknown at the time. Examples include:
- When the service was actually started (if different than the "official story").
- Who actually ran a service and their own personal history.
- How the service was structured behind the scenes. (For example, there was no "trading bot".)
- Details of what audits reported and how vulnerabilities were missed during auditing.
What Happened
The specific events of the loss and how it came about. What actually happened to cause the loss and some of the events leading up to it.
Date | Event | Description |
---|---|---|
May 19th, 2021 2:28:07 PM MDT | Reddit Post Made | Reddit user whitemam8a posts details about their loss on Reddit. From their story, they were attempting to import their MetaMask wallet to a new browser, and clicked on a malicious sponsored advertisement. After the import was complete, they found that their wallet was empty[2]. |
May 19th, 2021 2:50:14 PM MDT | Taking Responsibility | whitemam8a responds to take full responsibility for not double checking the URL[3]. |
May 19th, 2021 3:11:23 PM MDT | Setting Up Clarification | whitemam8a clarifies that he was in the process of setting up his browser at the time[4]. |
May 19th, 2021 7:10:43 PM MDT | Providing Phishing URL | whitemam8a provides the URL which was used in the phishing attack[5]. |
May 19th, 2021 10:02:18 PM MDT | Inquiry About Legal Recourse | whitemam8a asks about the potential for legal recourse against the attacker or DuckDuckGo[6]. |
October 11th, 2021 6:35:09 AM MDT | No Recourse Available | whitemam8a responds to another user to indicate that no recourse was available to them[7]. |
Total Amount Lost
The total amount lost has been estimated at $79,000 USD[8].
How much was lost and how was it calculated? If there are conflicting reports, which are accurate and where does the discrepancy lie?
Immediate Reactions
whitemam8a posted details of what happened on Reddit[2]. They appear to have quickly accepted that they made the mistake[3].
Today I was the victim of a Metamask phishing scam when trying to import a Metamask wallet to a new browser. While searching for Metamask on Duckduckgo the first two results displayed for me were scam Metamask websites that link to a nearly identical looking website. I imported my wallet over, and to my horror when I check the account it is empty. After double checking the url, I realized what had happened.
Reddit user Baron_Rogue echoed a strong sentiment against sponsored advertisements in search engines[9].
Search engines sell top results to the highest bidder, i instinctively scroll past now. Sorry for your loss but thanks for warning others.
Reddit user teiubesctare28 had some interesting advice against DuckDuckGo[10] (although Google has had it's fair share of malicious ads[1]).
Duck duck go. Man use Google next time for this kind of search. Don't joke with security.
Also security 101. Don't click in Google ads. Always use the second or third google link
Anywho sorry for your loss
Ultimate Outcome
What was the end result? Was any investigation done? Were any individuals prosecuted? Was there a lawsuit? Was any tracing done?
Total Amount Recovered
There do not appear to have been any funds recovered in this case.
What funds were recovered? What funds were reimbursed for those affected users?
Ongoing Developments
What parts of this case are still remaining to be concluded?
General Prevention Policies
Access popular services through bookmarks or directly typing the URL, rather than trusting any search results.
Individual Prevention Policies
No specific policies for individual prevention have yet been identified in this case.
For the full list of how to protect your funds as an individual, check our Prevention Policies for Individuals guide.
Platform Prevention Policies
Policies for platforms to take to prevent this situation have not yet been selected in this case.
For the full list of how to protect your funds as a financial service, check our Prevention Policies for Platforms guide.
Regulatory Prevention Policies
No specific regulatory policies have yet been identified in this case.
For the full list of regulatory policies that can prevent loss, check our Prevention Policies for Regulators guide.
References
- ↑ 1.0 1.1 MetaMask phishing steals cryptocurrency wallets via Google ads - BleepingComputer (Mar 29, 2023)
- ↑ 2.0 2.1 whitemam8a - "I just lost all my ETH. BE CAREFUL OF METAMASK PHISHERS" - Reddit (Sep 13, 2022)
- ↑ 3.0 3.1 whitemam8a - "You are absolutely right.... I suppose I learned my lesson the hard way." - Reddit (Apr 4, 2023)
- ↑ whitemam8a - "They get you when you are just setting up a new browser" - Reddit (Apr 4, 2023)
- ↑ whitemam8a - "the url was metamaskio.com instead of metamask.io" - Reddit (Apr 4, 2023)
- ↑ whitemam8a - "do you know if i might have any recourse with law enforcement or maybe the duckduck go ad provider" - Reddit (Apr 4, 2023)
- ↑ whitemam8a - "im afraid not my friend, just learn from the mistake!" - Reddit (Apr 4, 2023)
- ↑ Ethereum Historic Prices - CoinMarketCap (Dec 21, 2021)
- ↑ Baron_Rouge - "Search engines sell top results to the highest bidder, i instinctively scroll past now." - Reddit (Apr 4, 2023)
- ↑ teiubesctare28 - "Man use Google next time for this kind of search. Don't joke with security." - Reddit (Apr 4, 2023)