Phishers Target Trust Wallet and MetaMask Users on Twitter
According to a report by Bleeping Computer, users of the Trust Wallet and MetaMask crypto wallets are being actively targeted by phishers on Twitter who pose as technical support representatives. The goal of this campaign is to steal users’ cryptocurrency.
The MetaMask and Trust Wallet mobile apps allow users to create wallets for storing, buying, sending, and receiving various cryptocurrencies and NFTs. When a user launches either app for the first time, they are prompted to create a new wallet. As part of this process, the user must come up with a 12-word recovery phrase and store it in a safe place. This phrase is essential for generating the private keys needed to access the wallet. In other words, anyone who knows this phrase can import the wallet onto their own device and access the funds stored within.
How the Phishing Scam Works
For about two weeks, a malicious campaign has been running on Twitter. It typically starts when a legitimate user of MetaMask or Trust Wallet posts a complaint on the social network about an issue they are experiencing—ranging from stolen funds and access problems to difficulties using the app.
Scammers quickly respond to these tweets, pretending to be the app’s support team or another user who claims that “Instant Support” recently helped them with the exact same problem. In their messages, the scammers recommend that the victim follow a link to docs.google.com or forms.app to fill out a support request and receive assistance.
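A detection heuristic for the reply pattern described above, as an added example that is not taken from the Bleeping Computer report: it flags a reply that posts a docs.google.com or forms.app link under a wallet complaint. The wallet names, support keywords and sample posts are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Form-hosting domains named in the report. The wallet names and support
# wording below are assumptions chosen for this illustration.
FORM_HOSTS = ("docs.google.com", "forms.app")
WALLETS = ("metamask", "trust wallet", "trustwallet")
SUPPORT_WORDS = ("support", "help desk", "assistance")

# Matches links written with or without a scheme, as they appear in replies.
URL_RE = re.compile(r"(?:https?://)?(?:[a-z0-9-]+\.)+[a-z]{2,}(?:/\S*)?", re.I)

# Constructed sample posts (not real tweets).
COMPLAINT = "My MetaMask wallet was drained overnight, can anyone help?"
LURE = ("I had the same issue, Instant Support fixed it: "
        "docs.google.com/forms/d/e/EXAMPLE/viewform")
BENIGN = "Sorry to hear that. Check the official help pages in the app."


def form_links(text):
    """Return links whose host is one of FORM_HOSTS or a subdomain of one."""
    hits = []
    for raw in URL_RE.findall(text):
        url = raw if "://" in raw else "https://" + raw
        host = (urlparse(url).hostname or "").lower().rstrip(".")
        # Compare parsed hostnames, not substrings, so a host that merely
        # starts with "docs.google.com." is not treated as the form service.
        if any(host == h or host.endswith("." + h) for h in FORM_HOSTS):
            hits.append(raw.rstrip(".,)!"))
    return hits


def flag_reply(original_post, reply):
    """Return the reasons a reply matches the lure pattern (empty if none)."""
    links = form_links(reply)
    reasons = []
    if links and any(w in original_post.lower() for w in WALLETS):
        reasons.append("form link in reply to wallet complaint: " + links[0])
    if links and any(w in reply.lower() for w in SUPPORT_WORDS):
        reasons.append("support wording combined with form link")
    return reasons


if __name__ == "__main__":
    for reply in (LURE, BENIGN):
        print(flag_reply(COMPLAINT, reply))
```

A match is a reason to review the reply, not proof of fraud, since both services host legitimate forms.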
The Phishing Page
After clicking the link, the user is taken to a phishing page that appears to be a support request form for Trust Wallet or MetaMask. Here, the victim is asked for their email address, name, and a description of the problem, and is then prompted to enter their 12-word wallet recovery phrase.
If a trusting user falls for the scam and provides their recovery phrase, the attackers can import the victim’s wallet onto their own device and steal all the cryptocurrency stored in it.
What to Do If You’re Targeted
Journalists note that there is very little that can be done in such situations, and victims are unlikely to recover their funds. The report emphasizes that you should never share your wallet recovery phrase with anyone, on any website or in any app.