Trust Wallet, MetaMask Crypto Wallets Mega Scam

There's something to be said for the crypto wallets that do the job and carry on. I've downloaded PLENTY of fancy UI wallets that promised to be the next new sensation, but ended up stagnating as developers left or forgot about them.

Trust Wallet and MetaMask have been among the best wallets I have used so far. These two wallets are actively developed by multiple teams, depending on the coin, and (usually) just work, no matter what you throw at them.

Cheers to the Trust Wallet and MetaMask developers! You peeps help keep the rest of us sane. 🍻

However, just recently Trust Wallet and MetaMask wallet users were targeted in ongoing and aggressive Twitter phishing attacks to steal their cryptocurrency funds. Many users have lost their entire crypto collection.

What is MetaMask and Trust Wallet?

MetaMask and Trust Wallet are mobile apps, available on both Android and iOS, that let you create wallets to store, buy, send and receive cryptocurrencies and NFTs.

When a user launches the MetaMask or Trust Wallet app for the first time, the app prompts them to create a new wallet. As part of this process, the app shows them a recovery phrase consisting of 12 words and prompts them to save it somewhere safe.

The apps use this recovery phrase to create the private keys necessary to access your wallet. Anyone who has this recovery phrase can import your wallet and use the cryptocurrency funds stored in it.

So what exactly happened?

For approximately two weeks, BleepingComputer was busy tracking a group of hackers on Twitter who targeted Trust Wallet and MetaMask users and were stealing cryptocurrency wallets by promoting fake technical support forms.

The phishing scam starts with legitimate MetaMask or Trust Wallet users tweeting about a problem they are having with their wallets. These issues range from stolen funds to problems accessing their wallets to issues using the apps.

The scammers respond to these tweets pretending to be the apps' support team or users who say "Instant support" helped them with the same problem. These tweets recommend that users visit the included docs.google.com or forms.app links to fill out a support form and receive help.

These forms ask the user to enter their email address, name, the issue they are having, and then the wallet's 12-word recovery phrase.

Once the user submits their recovery phrase, bang, the threat actors can use it to import the victim's wallet on their own devices and steal all of the deposited cryptocurrency funds.

Unfortunately, once a threat actor steals the funds, there is little a user can do to recover them.

Cryptocurrency phishing scams like this have been extremely successful in the past, with one MetaMask user losing over $30,000 in cryptocurrency after sharing their recovery phrase.
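For moderators or support teams who want to triage replies for the pattern described above, here is an added detection sketch; it is not code from BleepingComputer, Trust Wallet or MetaMask. The sample replies, the handle names and every lure term other than "Instant support" are constructed assumptions.

```python
import re
from urllib.parse import urlparse

# Form-hosting domains the article names as carrying the fake support forms.
FORM_HOSTS = {"docs.google.com", "forms.app"}
# "instant support" is quoted in the article; the other terms are assumptions.
LURE_TERMS = ("instant support", "support team", "support form", "help desk")
# Matches links written with or without a scheme (e.g. "forms.app/xyz").
URL_RE = re.compile(r"(?:https?://)?((?:[\w-]+\.)+[a-z]{2,}(?:/\S*)?)", re.I)


def linked_hosts(text):
    """Return the lower-cased hostname of every link found in the text."""
    hosts = set()
    for match in URL_RE.finditer(text):
        host = urlparse("//" + match.group(1)).hostname or ""
        hosts.add(host.lower())
    return hosts


def flag_reply(author, text, official_handles):
    """Return the reasons a reply matches the fake-support pattern ([] = no match)."""
    reasons = []
    form_links = sorted(h for h in linked_hosts(text)
                        if any(h == f or h.endswith("." + f) for f in FORM_HOSTS))
    if form_links:
        reasons.append("links to form host: " + ", ".join(form_links))
    if any(term in text.lower() for term in LURE_TERMS):
        reasons.append("support lure wording")
    # Only worth noting the author when something else already matched.
    if reasons and author.lower().lstrip("@") not in official_handles:
        reasons.append("author is not an official handle")
    return reasons


# Placeholder allow-list and constructed replies, for illustration only.
OFFICIAL = {"official_wallet_handle_placeholder"}
SAMPLE_REPLIES = [
    ("@wallet_helpdesk_example", "Sorry about that. Reach our support team here: "
     "https://docs.google.com/forms/d/e/EXAMPLE/viewform"),
    ("@user_example", "Instant support fixed the same issue for me, "
     "fill this in: forms.app/EXAMPLE/wallet-help"),
    ("@friend_example", "Ugh, same thing happened to me last week. Did restarting help?"),
]

if __name__ == "__main__":
    for author, text in SAMPLE_REPLIES:
        print(author, "->", flag_reply(author, text, OFFICIAL) or "no match")
```

A match is a prompt for human review, not proof of fraud, since legitimate accounts also share form links.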

How to be safe?

Never enter your wallet's recovery phrase in any app or website or share it with someone else. The only time you should ever use your recovery phrase is to import your wallet on a new device you own.
As it is easy to create lookalike domains that impersonate legitimate sites, when it comes to cryptocurrency and financial assets, always type the URL you wish to visit into your browser rather than relying on links in emails.
NEVER provide your recovery phrase to anyone.
