
Unbelievably Dangerous Phishing Design Revealed by CertiK: Check Your MetaMask

Thu, 04/13/2023 - 17:05
Vladislav Sopov
Here's how fake applications can abuse legitimate MetaMask wallets, and how to avoid being tricked by sophisticated scams

Cryptocurrency scammers can mimic legitimate dApps to steal funds from users' wallets. The modal window, a key element of a crypto wallet's user interface, can easily be used to mislead crypto owners because much of what it displays is supplied by the requesting application rather than verified by the wallet.

Hackers exploit mainstream wallet protocol for "modal phishing," CertiK says

Crypto hackers are using sophisticated phishing techniques to drain victims' wallets. Specifically, they can control what the "modal windows" of noncustodial wallets display and so lure their owners into approving malicious transactions. Such attacks are described in a new report, Modal Phishing in Web3 Mobile Wallets, by the cybersecurity team CertiK.

The attackers can push connection and transaction requests to mobile wallets that are presented as if they came from legitimate decentralized applications (dApps). As a result, a user can lose money by approving what looks like a "Security Update" transaction in MetaMask.

Two phishing scenarios are the most common in early 2023: attackers can either abuse the open-source WalletConnect protocol to control the dApp information shown in the wallet's UI, or deploy a smart contract whose method names make the wallet display a misleading label for the transaction.

In the first scenario, the dApp information the wallet renders in its modal (name, icon, website) is supplied by the requesting application itself, so a phishing site can present its requests under the name and logo of a trusted dApp, while the request parameters (amount of tokens, type of tokens, destination address and so on) are whatever the attacker chooses.

The CertiK team reported this issue to the WalletConnect team; the developers confirmed it and said they were working on a mitigation in an emergency update.

Never approve suspicious transactions in your MetaMask

The second scenario is even trickier: the scammers choose the names of the methods in their own smart contract (the functions a Web3 application calls), and the wallet displays that name as the description of the transaction.

A user may therefore believe he or she is approving a "Security Update" through MetaMask, when the attackers have simply given that name to the function that drains the wallet. The label says nothing about what the function actually does.

CertiK also pointed to a phishing contract of this kind that had been stealing funds from crypto users for some 200 days.

The CertiK team again stresses that users should treat every unfamiliar transaction request with suspicion, including those labeled as a security upgrade, and check the contract they are actually interacting with rather than the name the request gives itself.

About the author

Blockchain Analyst & Writer with scientific background. 6+ years in IT-analytics, 3+ years in blockchain.

Worked in independent analysis as well as in start-ups (, Monoreto, Attic Lab etc.)