MetaMask Impersonation Scams
Scammers impersonate MetaMask to steal seed phrases by claiming wallet sync or update is required. MetaMask will never ask for your 12-word Secret Recovery Phrase anywhere outside the app setup screen.
Last reviewed: 1 June 2026
MetaMask is the most widely used browser-based crypto wallet, and its popularity makes it a constant target for seed-phrase theft. Fraudsters create fake MetaMask websites, browser extensions, and social media accounts that replicate the wallet's interface and instruct users to 'sync' or 'restore' their wallet by entering their Secret Recovery Phrase.
Once a seed phrase is captured, the attacker has permanent, irrevocable access to every asset in the wallet. No support process, update, or sync ever requires you to enter your seed phrase anywhere other than the initial setup screen of a newly installed, legitimate MetaMask wallet.
How scammers impersonate it
- Creating fake MetaMask websites that prompt users to enter their Secret Recovery Phrase
- Publishing malicious browser extensions that mimic the MetaMask interface
- Running sponsored search ads that appear above the real MetaMask in search results
- Sending direct messages on Discord and Telegram claiming to be MetaMask support
- Posting fake 'MetaMask wallet migration' alerts on social media during real network upgrades
What the real organisation never does
- Ask for your 12-word Secret Recovery Phrase through any website, email, or chat
- Offer customer support via direct message on social media or Telegram
- Require a 'sync fee' or any crypto payment to restore or update your wallet
- Send unsolicited messages about your wallet balance or transaction history
Common red flags
- Any website, pop-up, or message asking for your seed phrase
- MetaMask extension found in a third-party browser store rather than the official site
- Social media 'support agent' sending a DM offering to fix your wallet
- Urgency about a wallet migration, update, or token claim that requires seed entry
- Sponsored search result linking to a domain that is not metamask.io
Sanitized example messages
Illustrative, sanitized examples. Personal details are replaced with placeholders such as [phone number] and [fake link].
Website pop-up: 'Your MetaMask wallet requires urgent synchronisation. Enter your Secret Recovery Phrase to continue: [fake form].'
Discord DM: 'Hi, I am from MetaMask Support. To fix your issue, please visit [fake link] and restore your wallet.'
Fake ad: 'MetaMask — Official Wallet Update Required' linking to metamask-update.com.
How to verify
- Only download MetaMask from metamask.io or the official Chrome/Firefox extension stores
- Never enter your seed phrase anywhere except the initial setup screen of a fresh MetaMask install
- Check MetaMask's official Twitter/X and support pages for any real migration notices
- Use hardware wallet integration (Ledger/Trezor) so the seed phrase never touches an internet-connected device
What to do if you're targeted
- If you entered your seed phrase, transfer all assets to a new wallet immediately — assume the old one is compromised
- Report fake sites to Google Safe Browsing and to MetaMask at support.metamask.io
- Warn your community with a screenshot (domain redacted) so others are not caught
Frequently asked questions
Is there ever a reason to enter my seed phrase online?
No. The only legitimate use of your Secret Recovery Phrase is to restore a MetaMask wallet locally after installation. Any website or person requesting it is attempting theft.