Trust Wallet & MetaMask Crypto Wallets: Targeted by New Support Scam

Users of Trust Wallet and MetaMask wallets are the targets of ongoing malicious Twitter phishing attacks aimed at stealing cryptocurrency funds. MetaMask and Trust Wallet are mobile apps that enable users to create wallets to store, buy, send, and receive cryptocurrency and NFTs. 

When users first open the MetaMask or Trust Wallet apps, they are prompted to create a new wallet. The app then displays a 12-word recovery phrase and encourages users to save it somewhere safe as part of this procedure. This recovery phrase is used by the apps to generate the private keys needed to enter the wallet. Anyone who knows the recovery phrase can import the wallet and access the cryptocurrency funds it contains. 

BleepingComputer has been monitoring a Twitter phishing scam that targets Trust Wallet and MetaMask users and steals cryptocurrency wallets by spreading fake technical support forms for the past two weeks. The phishing scam begins with authentic MetaMask or Trust Wallet users tweeting about a problem with their wallets. Theft of money, problems accessing their wallets, and problems using the apps are all examples of these problems. 

Scammers respond to these tweets by posing as members of the app’s support team or users who claim that “Instant support” helped them with the same problem. Users are encouraged to fill out a support form by visiting the included docs.google.com or forms.app links. 

Users who click on these links will be taken to a page that looks like a help form for Trust Wallet or MetaMask. These forms ask for the visitor’s email address, name, the problem they’re having, and then the scam’s crown jewel: the wallet’s 12 recovery phrases. Threat actors may use a Trust Wallet or MetaMask user’s recovery phrase to import the victim’s wallet on their own devices and steal all of the deposited cryptocurrency funds.

Unfortunately, there is nothing that a user can do to recover funds after they have been stolen by a threat actor. Phishing scams involving cryptocurrency have previously been extremely popular, with one MetaMask user losing over $30,000 in cryptocurrency after sharing their recovery phrase. 

The Trust Wallet and MetMask users should never share their wallet’s recovery phrase or type it into any app or website. Furthermore, for help requests, a legitimate organization would not use Google Docs or online form-building sites. Just seek assistance from the specific pages affiliated with the app or computer you’re having trouble with. 

When it comes to cryptocurrencies and financial assets, the user should always type the URL they wish to visit into their browser rather than relying on links in emails, as it is simple to build lookalike domains that impersonate legitimate sites. This way, users can avoid mistakenly clicking on phishing sites that impersonate a legitimate service.