Sophisticated Phishing Attack Targets MetaMask Users Through Fake 2FA Security Alerts
SlowMist reported that on Jan. 5, 2026, attackers ran a coordinated phishing campaign that used counterfeit two-factor authentication (2FA) prompts to steal MetaMask recovery phrases and trigger rapid, automated wallet drains. On-chain investigators flagged aggregate losses exceeding $107,000 across hundreds of EVM wallets, with individual thefts typically ranging from $500 to $2,000.