Fake MetaMask Mobile App That Captures Seed Phrases on Setup
Counterfeit MetaMask apps on unofficial stores and phishing sites simulate the wallet creation and recovery flow but transmit newly created or imported seed phrases to attackers, draining any funds transferred to the newly set-up wallet.
Last reviewed: 8 June 2026
MetaMask is the most widely installed Ethereum wallet, and its mobile app is central to how millions of users interact with DeFi and NFT platforms. Criminals have created nearly pixel-perfect copies of the MetaMask mobile app that replicate the setup flow but silently capture the seed phrase — whether the victim creates a new wallet or imports an existing one.
The fake app is particularly dangerous during onboarding: a new user setting up MetaMask for the first time follows the fake app's setup steps, generates a seed phrase, writes it down (as instructed), and begins using the wallet — unaware that the seed phrase was transmitted to the attacker at generation. Any funds subsequently deposited into the 'new' wallet are immediately accessible to the attacker.
Experienced users who install the fake app to 'restore' an existing wallet hand over their real seed phrase and all associated accounts.
How this scam works on the MetaMask brand
The genuine MetaMask mobile app is published by ConsenSys on the Apple App Store and Google Play Store. It is also available as a browser extension from metamask.io. Any MetaMask app from a third-party source, APK repository, or link embedded in a communication is suspect.
Fake MetaMask apps reach users through search ads that mimic official results, through phishing sites masquerading as metamask.io, and through Telegram groups promoting a 'faster' or 'gas-free' version. Some variants advertise themselves as 'MetaMask Lite' or 'MetaMask Pro.'
During setup, the fake app generates a real-looking seed phrase using genuine BIP-39 wordlist entries but simultaneously transmits it to the attacker's server. The victim writes down the phrase, completes setup, and begins using the wallet. When funds arrive, the attacker, who already knows the wallet's address and is monitoring it for incoming transactions, sweeps them immediately.
Common red flags
- You downloaded the MetaMask app from a link in an email, social media post, or a website other than official app stores or metamask.io
- The app is named 'MetaMask Lite,' 'MetaMask Pro,' or any variant not recognised on the official metamask.io site
- The publisher name in the app store is not 'ConsenSys'
- The app requests permissions — such as camera or SMS access — that a basic wallet app does not need
- Funds deposited to the new wallet disappear almost immediately after arrival
- The app's review count or download number is unusually low for a wallet claiming millions of users
How to protect yourself
- Install MetaMask only from the official Apple App Store (publisher: ConsenSys) or Google Play Store, or as a browser extension from metamask.io
- Never import your existing seed phrase into a newly downloaded MetaMask app until you have verified the publisher
- Use a hardware wallet as your primary signing device — even if MetaMask is compromised, funds in a hardware wallet require physical confirmation
- After setting up any new wallet app, send a very small test amount before depositing significant funds
- Check that the app's package name on Android matches io.metamask before installation
- If funds disappear from a new wallet, the seed phrase was likely captured — create a new wallet from the genuine app and do not reuse the compromised seed
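The package-name check above can be scripted on a computer before an APK is ever installed. The following is an added example, not MetaMask's or this page's own tooling: it parses the text printed by the Android SDK command `aapt dump badging <file>.apk` and reports the red flags listed on this page. The sample outputs are constructed, and the exact label 'MetaMask' for the genuine app is an assumption. A matching package name is necessary but not sufficient, because a sideloaded APK can declare any package name it likes.

```python
import re

OFFICIAL_PACKAGE = "io.metamask"   # package name given on this page
OFFICIAL_LABEL = "metamask"        # assumption: genuine app label is exactly "MetaMask"
SMS_PERMISSIONS = {                # SMS access is one of the page's red flags
    "android.permission.READ_SMS",
    "android.permission.RECEIVE_SMS",
    "android.permission.SEND_SMS",
}

def audit_badging(badging: str) -> list[str]:
    """Return red-flag findings for one APK's `aapt dump badging` output."""
    pkg = re.search(r"^package: name='([^']+)'", badging, re.M)
    label = re.search(r"^application-label:'([^']*)'", badging, re.M)
    perms = set(re.findall(r"^uses-permission: name='([^']+)'", badging, re.M))
    package = pkg.group(1) if pkg else ""
    name = label.group(1).strip() if label else ""
    # The APK claims the brand if either its label or its package mentions it.
    claims_brand = "metamask" in name.lower() or "metamask" in package.lower()
    findings = []
    if claims_brand and package != OFFICIAL_PACKAGE:
        findings.append(f"package '{package}' is not {OFFICIAL_PACKAGE}")
    if name and "metamask" in name.lower() and name.lower() != OFFICIAL_LABEL:
        findings.append(f"label '{name}' is a variant name")
    for perm in sorted(perms & SMS_PERMISSIONS):
        findings.append(f"requests {perm}")
    return findings

# Constructed sample outputs, not taken from real apps.
GENUINE_LOOKING = """\
package: name='io.metamask' versionCode='1' versionName='0.0.0'
application-label:'MetaMask'
uses-permission: name='android.permission.INTERNET'
"""
LOOKALIKE = """\
package: name='io.metamask.lite.wallet' versionCode='1' versionName='0.0.0'
application-label:'MetaMask Lite'
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.READ_SMS'
"""

if __name__ == "__main__":
    for title, sample in (("genuine-looking", GENUINE_LOOKING), ("lookalike", LOOKALIKE)):
        print(title, audit_badging(sample) or "no red flags")
```

An empty result only means none of these particular red flags were found; the source of the download still has to be one of the official channels listed above.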
How to report it
- Report the fake app to the Apple App Store or Google Play Store abuse team
- Report the phishing site or APK source to MetaMask at metamask.io/security
- Submit the malicious URL to Google Safe Browsing at safebrowsing.google.com/safebrowsing/report_phish/
- File a report with the FTC at reportfraud.ftc.gov
- Report to IC3.gov (US) or Action Fraud 0300 123 2040 (UK)
Frequently asked questions
How would a fake app capture my seed phrase if it looks and works normally?
The fake app generates a genuine-format seed phrase but simultaneously sends it to the attacker's server over the internet during setup. To you it appears as a normal 12- or 24-word phrase. The app may function normally for a while, which delays your realisation that it was compromised.
Is the genuine MetaMask app available on Android outside the Play Store?
MetaMask does publish builds on its GitHub for advanced users, but for most people the Play Store version is the safest choice. Any APK not from the official GitHub release or the Play Store carries a significant risk of tampering.
Can I use the same seed phrase in a new genuine MetaMask app after removing a fake one?
No. Once a seed phrase has been exposed to a fake app, treat it as permanently compromised. Create a new seed phrase in a genuine MetaMask installation and transfer any remaining funds to the new address immediately.