MetaMask users face a phishing scam using fake 2FA emails. Here’s how to spot red flags and protect your wallet now.
Digital asset holders have come under attack again, after a major MetaMask 2FA security verification phishing scam hit the internet.
Attackers are sending out convincing emails that urge recipients to update their security settings immediately.
These messages claim that if the victim fails to act by a specific deadline will result in restricted access to wallet features. However, these alerts are entirely false and designed to drain digital assets.
The Phishing Scam In View
The scam works by exploiting the victim’s fear of losing funds.
Users receive an email that looks exactly like an official notice from the MetaMask support team. Emails like these often feature the familiar Fox logo and professional branding.
The text also explains that a new two-factor authentication (2FA) requirement is now mandatory. It also says that to “verify” their identity, users are told to click a link before the January 4 deadline.
🚨 New #metamask phishing scam alert
Attackers are impersonating a “2FA security verification” flow, redirecting users via look-alike domains to fake security warnings with countdown timers and “authenticity checks.”
The final step asks for your wallet recovery phrase — once… pic.twitter.com/3bX9U1wZbs
— SlowMist (@SlowMist_Team) January 5, 2026
Security researcher 23pds from the firm SlowMist was among the first to flag this campaign. He warned that these emails redirect users to “typosquatted” domains.
For context, these are websites that look like the real address, but have tiny spelling errors. Once users visit these sites, they see a countdown timer that warns them to act fast by providing their credentials.
If a user does provide this information, the attackers can import the wallet and steal all their funds within seconds.
Proactive Measures Against the MetaMask 2FA Scam
Cybersecurity experts from Halborn have previously urged crypto companies to be more proactive.
They say that since no system can stop every single scam email, users should always verify the sender’s actual email address. Moreover, scammers tend to hide their identity using names like “MetaMask Support” while the actual address is a random string of letters.
With this being said, one of the best ways to stay safe is to remember how crypto wallets actually work.
MetaMask is a self-custodial service.
This means that the company does not have a database of your information, unless you specifically open a support ticket. They will never reach out to you unprompted, and if you receive an email claiming your wallet is “locked” or “suspended,” it is almost certainly a scam.
The security team at ConsenSys (the company behind the wallet) has also released a clear set of rules, stating that the firm will never ask for your recovery phrase under any circumstances.
They also do not require your Apple ID or Google account details to function. If a website asks for your seed phrase to “enable 2FA,” you should close the tab immediately.
Related Reading: SlowMist Raises Public Alert After No Reply From HitBTC
How to Identify and Block Phishing Attempts
To identify scam attempts like these, investors need to have a sharp eye for detail.
Scammers often use professional language, but they sometimes make small mistakes. Look for grammatical errors or shoddy formatting in the email body.
Check the “From” field by clicking on the sender’s name to see the full email address. Legitimate emails from the company typically come from domains like @metamask.io or @metamask.zendesk.com.
Another red flag is the demand for immediate action.
Real updates to blockchain software happen through the browser extension or the mobile app, and you will see a notification inside the app itself when this happens, rather than in your email inbox.
If you are ever in doubt, go directly to the official website by typing the address into your browser manually.