A sophisticated new phishing campaign is actively draining MetaMask wallets by impersonating an urgent “2FA Security Check” required by the official extension — tricking users into approving malicious transactions that hand over full control of their funds.
The scam spreads primarily through targeted DMs on X, Discord, Telegram, and fake pop-up notifications that appear legitimate within the MetaMask interface (via injected malicious scripts or compromised dApps). Victims receive messages claiming: “Your MetaMask wallet has triggered a mandatory 2FA security verification due to suspicious activity. Complete the check within 5 minutes to avoid account suspension.” The link leads to a near-perfect clone of the official MetaMask site, prompting users to connect their wallet and “verify” by signing a seemingly harmless Permit or approval transaction.
In reality, the signed message grants unlimited spending approval on major tokens (USDT, ETH, WETH, WBTC, etc.) to attacker-controlled contracts. Once approved, funds are instantly swept — with losses reported from a few hundred dollars to multi-million dollar whale wallets in the past 48 hours. On-chain analysts have already flagged dozens of drained addresses linked to the same malicious contract clusters.
MetaMask’s official team issued an urgent warning on January 6, stating: “MetaMask will NEVER ask you to sign a transaction to verify 2FA or secure your account. This is a phishing scam. Do not connect or sign anything from unsolicited messages.” They also reminded users to verify URLs (always metamask.io), enable hardware wallet integration, and use transaction simulation tools like those built into newer versions.
Despite the warnings, the scam continues to evolve rapidly — with new domains, updated phishing pages, and even deepfake voice messages in Telegram groups pretending to be MetaMask support. Community trackers estimate total stolen value already exceeds $8–12 million since the campaign began scaling in late December 2025.
The story exploded across crypto Twitter starting early January 6, with screenshots of fake 2FA prompts, drained wallet proofs, real-time scam alerts, and savage roast memes flooding feeds. Security researchers, degens, and everyday users are sharing desperate recovery threads while calling for better built-in wallet protections against social-engineering attacks.
#Crypto dominates global discussions with massive volume.
#MetaMask trending amid massive phishing wave.
#Phishing surges in security scam warnings.
#CryptoNews buzzing with wallet drain updates.
#Bitcoin remains a top trend with huge activity.
#Blockchain thrives in self-custody safety debates.
#DeFi continues strong in phishing prevention conversations.
Stay ahead in the fast-evolving crypto security and wallet safety landscape — subscribe to our exclusive newsletters for daily insights, in-depth analysis, and timely scam alerts at www.token10x.com. Join our WhatsApp channel for real-time alerts and community discussions – click here. Dive into more articles on www.token10x.blog. Join our growing community today!
What’s your take — is this latest MetaMask “2FA Security Check” phishing wave proof that social engineering remains the biggest threat in crypto, or will better UX and simulation tools finally make self-custody safe enough for the masses? Drop your thoughts below 👇