Back
SlowMist Warns of New 2FA Scam Targeting MetaMask Users

SlowMist Warns of New 2FA Scam Targeting MetaMask Users

According to blockchain security firm SlowMist, attackers are using spoofed 2FA verification emails to trick MetaMask users into revealing their seed phrases.

Fact Check
The statement is strongly supported by multiple, independent, and high-relevance sources. The first four sources, which have authority scores ranging from 0.70 to 0.85, all directly and consistently report that the blockchain security firm SlowMist, specifically a Chief Information Security Officer or executive, issued a warning about a new 2FA phishing scam targeting MetaMask users. These sources, including reports from Binance News, Phemex, and Bitget, all describe the same scam mechanism: tricking users with fake 2FA verification pages to steal their seed phrases. The consistency across these different news outlets significantly strengthens the credibility of the claim. Although there are some minor discrepancies in the summaries regarding which outlet published which article, the core message is identical. The remaining sources are either weakly supportive or irrelevant, and critically, there is no conflicting evidence presented. The overwhelming and corroborating evidence from credible sources makes the statement highly likely to be true.
Summary

Blockchain security firm SlowMist has identified a phishing scam targeting MetaMask users through spoofed “2FA verification” emails. The fraudulent messages direct victims to fake security pages that mimic MetaMask and prompt them to enter their seed phrases, leading to asset theft. SlowMist emphasized that MetaMask never requests seed phrases for verification and urged users to remain vigilant against such unsolicited prompts.

Terms & Concepts
  • 2FA (two-factor authentication): A security mechanism requiring two separate forms of verification, commonly misused by attackers in phishing scams to appear legitimate.
  • MetaMask: A widely used Ethereum-compatible crypto wallet that allows users to store assets and interact with decentralized applications.
  • Seed phrase: A sequence of words that grants full access to a crypto wallet; exposure allows attackers to control and drain the wallet.