MetaMask Users Targeted in Urgent 2FA Phishing Scam
MetaMask, a cryptocurrency wallet, has warned its users of a serious phishing attempt involving their two-factor authentication (2FA) codes. The phishing emails claimed that users had to update their two-factor verification by January 4, 2026, to keep using their wallets without restrictions.
Early on January 5, blockchain security expert 23pds, partner and CISO at SlowMist, alerted the industry on social media. The phishing attempt aimed to steal mnemonic phrases by tricking users into interacting with fraudulent security pages.
Scammers created realistic 2FA verification interfaces with countdown prompts, urging users to enter secret recovery phrases. Besides impersonating MetaMask, these emails included links to malicious sites mimicking official security alerts.
Malware researcher Tomas Meskauskas previously explained the scam in detail, emphasizing that users must verify sender email addresses. He warned, “Users should not blindly trust emails from companies that appear legitimate.” Hence, cautious handling of unexpected emails remains critical for crypto security.
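The indicators described above (a MetaMask-branded sender on an unrelated domain, a 2FA deadline or countdown, a request for the recovery phrase, and links to look-alike hosts) can be checked mechanically during mail triage. The following is an added example, not code from MetaMask, SlowMist or any vendor named here; the `OFFICIAL_DOMAINS` allow-list, the `triage` function and the sample message are assumptions constructed for illustration.

```python
import re
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: domains the defender accepts as genuine for the brand.
OFFICIAL_DOMAINS = {"metamask.io"}
BRAND = "metamask"

SEED_RE = re.compile(r"recovery phrase|seed phrase|mnemonic", re.I)
TWOFA_RE = re.compile(r"\b(2fa|two[- ]factor)\b", re.I)
URGENCY_RE = re.compile(r"\bby\b.{0,30}\b\d{1,2}\b|countdown|expire|suspend|restrict", re.I)
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

def registrable(host):
    # Simplification: last two labels. Use a public-suffix list in production.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def triage(from_header, body):
    """Return the list of phishing indicators found in one message."""
    findings = []
    display, addr = parseaddr(from_header)
    sender_domain = registrable(addr.rsplit("@", 1)[-1])
    # The From header is spoofable; also check SPF/DKIM/DMARC results.
    if BRAND in (display + " " + body).lower() and sender_domain not in OFFICIAL_DOMAINS:
        findings.append("brand_sender_mismatch")
    if SEED_RE.search(body):
        findings.append("asks_recovery_phrase")
    if TWOFA_RE.search(body) and URGENCY_RE.search(body):
        findings.append("2fa_deadline_pressure")
    for url in URL_RE.findall(body):
        host = urlparse(url).hostname or ""
        # A brand name used as a subdomain of another site is still off-site.
        if registrable(host) not in OFFICIAL_DOMAINS:
            findings.append("offsite_link:" + host)
    return findings

# Constructed sample modelled on the lure described in the article.
SAMPLE_FROM = "MetaMask Support <security@wallet-verify.example>"
SAMPLE_BODY = ("Update your 2FA verification by January 4, 2026 to avoid wallet "
               "restrictions. Enter your Secret Recovery Phrase at "
               "https://metamask.io.verify-2fa.example/secure before the countdown ends.")

if __name__ == "__main__":
    for finding in triage(SAMPLE_FROM, SAMPLE_BODY):
        print(finding)
```

Any message that triggers `asks_recovery_phrase` can be quarantined on that indicator alone, since MetaMask states it never requests the phrase by email.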
Previous Incidents and Ongoing Threats
This attack follows a history of similar threats. Last year, Australian cybersecurity provider MailGuard blocked a phishing email claiming unusual activity on MetaMask accounts. The email urged recipients to activate 2FA immediately to avoid temporary account locks.
MailGuard cautioned, “One cleverly worded email is all it takes for scammers to steal sensitive data or spread malware.” Consequently, deleting suspicious emails is essential to protect digital assets.
MetaMask users have also suffered massive losses as a result of phishing attacks. The 2022 incident led to the loss of more than 650,000 NFTs and APE tokens. For its part, MetaMask, a ConsenSys-funded project, made it clear that it would never send an email asking for a recovery phrase or for Apple and Google account details. It also stressed the importance of activating 2FA.
Security Recommendations for Users
Halborn cybersecurity experts urge crypto companies to establish robust phishing incident responses. Immediate action can minimize damage, while professional response teams reduce risks during attacks.
Additionally, activating multi-factor authentication (MFA) and using email security systems help block phishing attempts. The MetaMask support team stressed, “The company will never send random confirmation emails or request secret recovery phrases.”