MetaMask Seed-Phrase Phishing Scams
Attackers build near-identical MetaMask interfaces to harvest users' 12-word secret recovery phrases. Once obtained, the phrase gives permanent, irreversible access to every asset in the wallet.
Last reviewed: 7 June 2026
The seed phrase — called the 'Secret Recovery Phrase' in MetaMask — is the single most sensitive piece of information attached to a self-custody wallet. Stealing it is the primary goal of the majority of MetaMask-targeted phishing attacks, because possession means total, permanent control regardless of any password or lock screen.
MetaMask phishing is uniquely effective because the product's design — a browser popup with a clean, familiar UI — is easy to replicate. A carefully crafted phishing page can look indistinguishable from the genuine MetaMask interface to someone who has not memorized subtle design details.
Those who work in Web3 often treat seed-phrase requests as a categorical red flag with no exceptions: no legitimate protocol, no exchange, no support agent, and no MetaMask update process will ever ask for it. The only legitimate use of a seed phrase is to import a wallet into MetaMask on a new device that you control.
How this scam works on the MetaMask brand
A user encounters a pop-up on a website informing them that their MetaMask wallet has experienced a 'sync error' or 'network disconnection' and they must 'verify' by entering their Secret Recovery Phrase. The pop-up replicates MetaMask's fox logo, color scheme, and typography. The underlying site may have been created specifically for this attack or may be a legitimate site that was temporarily compromised.
Another path is a fake MetaMask support page served through search ads. When someone types 'MetaMask wallet not loading' or 'MetaMask stuck transaction,' they may click an ad to a customer-service page that asks them to submit their seed phrase via a form so a 'support agent' can diagnose the issue.
MetaMask's actual recovery process requires the seed phrase to be entered only locally in the official app: on a device you own, through the MetaMask browser extension or mobile app interface. MetaMask support, reachable at support.metamask.io, works through submitted tickets; no agent has the technical ability to access your wallet even if you share information with them.
Common red flags
- A website pop-up or form asking for your 12- or 24-word Secret Recovery Phrase
- A 'MetaMask support' chat or form that requires the seed phrase to diagnose a technical issue
- An email claiming your MetaMask wallet will be deactivated unless you verify your phrase
- A recovery page appearing outside the official MetaMask app or extension
- The URL of the page requesting the phrase is not metamask.io
- Social media messages from 'MetaMask Help' offering to fix wallet errors if you DM your phrase
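The URL red flag above is easy to misjudge by eye, because a lookalike link can contain the string "metamask.io" without pointing at that host. The following is an added example, not MetaMask code: it parses a link the way a browser does and compares the real hostname against the two hostnames named on this page. The function name, the reason strings and the sample links are constructed for illustration.

```javascript
// Added example: classify a link by the hostname the browser would connect to.
// The allowlist holds only the two hostnames named on this page.
const OFFICIAL_HOSTS = new Set(["metamask.io", "support.metamask.io"]);

function classifyLink(raw) {
  let url;
  try {
    url = new URL(raw); // WHATWG parser: lowercases the host, splits off userinfo
  } catch {
    return { verdict: "invalid", host: null, reasons: ["not a parseable absolute URL"] };
  }
  const host = url.hostname.replace(/\.$/, ""); // drop a trailing root dot
  const reasons = [];
  if (url.protocol !== "https:") reasons.push("not https");
  if (url.username || url.password) {
    reasons.push("userinfo before '@' hides the real host");
  }
  if (host.split(".").some((label) => label.startsWith("xn--"))) {
    reasons.push("punycode label (possible look-alike characters)");
  }
  if (!OFFICIAL_HOSTS.has(host)) {
    if (host.includes("metamask")) reasons.push("brand name inside a non-official hostname");
    reasons.push("host not in allowlist");
  }
  return { verdict: reasons.length ? "suspicious" : "official", host, reasons };
}

// Constructed sample links (hosts under .example are placeholders).
const SAMPLES = [
  "https://support.metamask.io/",
  "https://METAMASK.io/download",
  "https://metamask.io@wallet-sync.example/verify", // real host is after '@'
  "https://metamask.io.wallet-sync.example/restore", // official name used as a subdomain
  "https://m\u0435tamask.io/", // Cyrillic letter in place of Latin 'e'
  "http://metamask.io/",
];

for (const link of SAMPLES) {
  const { verdict, host, reasons } = classifyLink(link);
  console.log(`${verdict.padEnd(10)} ${host}  ${reasons.join("; ")}`);
}
```

An "official" verdict only says where the link leads; the Secret Recovery Phrase is still entered only in the MetaMask app or extension, never on a web page.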
How to protect yourself
- Memorize the rule: your Secret Recovery Phrase is entered only in the MetaMask app on a device you own — never online, never in a form
- Write the phrase on paper and store it offline; never in a digital note, cloud storage, or email
- If you see a seed-phrase request in any browser pop-up, close the tab and run a malware scan
- Use MetaMask's support portal at support.metamask.io for genuine help; the ticket system there will never ask for your phrase
- Consider moving high-value assets to a hardware wallet where the seed phrase is generated offline
How to report it
- Report phishing sites to MetaMask at support.metamask.io
- Submit the phishing URL to Google Safe Browsing and PhishTank
- Report to IC3.gov (US) or equivalent national cybercrime body
- Report Google ads that link to phishing sites via Google's ad-reporting tool
Frequently asked questions
Does MetaMask ever need my seed phrase to fix a technical issue?
No. MetaMask support agents have no ability to access your wallet even if you provide your seed phrase. No legitimate troubleshooting process requires sharing it. Any request for it is a scam.
What if I see a 'MetaMask wallet blocked' notification on a website?
This is a social engineering tactic. MetaMask cannot block your wallet, and websites cannot detect wallet issues requiring seed-phrase entry. Close the browser tab and open MetaMask directly from its extension icon.
I accidentally entered my seed phrase on a website. What now?
Act immediately: open the real MetaMask app, create a new wallet with a new seed phrase, and transfer all assets to the new wallet before the attacker can drain it. Speed is critical.