Fake MetaMask Wallet Suspension and Appeal Scams
Criminals send emails or pop-up notifications claiming a user's MetaMask wallet has been 'suspended' and directing them to a fake appeal page that harvests their Secret Recovery Phrase.
Part of: Fake Suspended Account Appeal Scams
Last reviewed: 8 June 2026
MetaMask is a non-custodial wallet — the user's keys are stored locally or in the browser, not on MetaMask's servers, and MetaMask has no ability to 'suspend' or 'freeze' a wallet address. Despite this technical reality, many wallet users do not fully understand the non-custodial model and can be alarmed by urgent notices claiming their wallet has been flagged.
Fraudsters exploit this knowledge gap by sending phishing emails with subject lines such as 'Your MetaMask wallet has been temporarily suspended due to suspicious activity' and directing users to a 'MetaMask Wallet Verification Portal.' The portal requests the Secret Recovery Phrase as the only way to 'restore wallet access.'
Providing the SRP (also called seed phrase or mnemonic) to any website gives that party complete and permanent control of every account derived from it. MetaMask will never ask for a Secret Recovery Phrase through an email or web page. The phrase should never be entered anywhere other than the MetaMask extension itself, and only when restoring a wallet on a new device.
How this scam works on the MetaMask brand
The phishing email arrives from an address such as [email protected] (not metamask.io) and warns that 'unusual transaction patterns' have triggered a temporary wallet restriction. A button labeled 'Verify Your Wallet' links to a cloned MetaMask interface showing a sequence of steps: identity verification, followed by a 12 or 24-word phrase entry form described as a 'cryptographic ownership check.'
The form often uses a convincing UX that mimics MetaMask's onboarding interface, including word-by-word entry boxes that match the real wallet restoration experience. Once all words are entered, the site shows a progress spinner claiming to 'unlock' the wallet while silently transmitting the phrase to the attacker. The attacker then imports the phrase into their own MetaMask instance and drains all assets.
MetaMask's genuine support is at support.metamask.io. The extension itself will occasionally show security warnings, but these appear within the extension popup — not via external emails or browser redirects to a third-party domain.
Common red flags
- Email warns that your MetaMask wallet is 'suspended' — MetaMask cannot suspend a self-custody wallet
- Verification page asks you to enter your 12 or 24-word Secret Recovery Phrase
- Email sender domain is not @metamask.io
- The 'verification portal' URL is not metamask.io
- Urgent deadline language — 'wallet will be permanently deleted in 48 hours'
- The process is framed as required for 'compliance' or 'security review' despite MetaMask having no custodial relationship with users
How to protect yourself
- Understand that MetaMask is non-custodial and cannot suspend or delete your wallet — any such claim is fraudulent
- Never enter your Secret Recovery Phrase on any website, in any chat, or to any person for any reason
- Manage MetaMask security settings only from within the MetaMask browser extension itself — not external web pages
- Report suspicious MetaMask emails to your email provider as phishing and delete them without clicking any links
- Bookmark support.metamask.io and use it for all genuine support needs
How to report it
- Forward phishing emails to MetaMask via support.metamask.io's security report category
- Submit the phishing URL to MetaMask's community phishing list at github.com/MetaMask/eth-phishing-detect
- Report to IC3.gov (US), Action Fraud (UK), or your national cybercrime authority
- If your phrase was compromised, immediately move all assets to a new wallet on a clean device before the attacker does
Frequently asked questions
Can MetaMask actually suspend or freeze a wallet?
No. MetaMask is a non-custodial wallet. Your keys are held by you, not MetaMask. MetaMask has no technical ability to suspend, freeze, or delete a wallet address. Any message claiming otherwise is fraudulent.
What is the Secret Recovery Phrase and why is it so sensitive?
The Secret Recovery Phrase (seed phrase) is the master key that generates all accounts in your wallet. Anyone who has it has complete, permanent, irrecoverable control of your funds. It should never be shared with any person or website under any circumstances.
I entered my seed phrase on the fake site — what should I do?
Act immediately. On a clean, separate device, import your seed phrase into a new MetaMask instance and transfer all funds to a brand-new wallet with a new seed phrase before the attacker does. The compromised wallet is permanently unsafe.