We recently noticed that some third-party companies and individuals impersonated the TOPONE Markets brand and illegally misappropriated our trademarks.

We Hereby Reiterate Our Statement:

  • TOPONE Markets does not provide discretionary account operation trading services, nor does it cooperate with other third-party vendors and/ or agents to provide such services.
  • TOPONE Markets staff will not promise to our customer the definite profit, please do not trust any kind of the profit promise or profit related picture, such as screenshot/ chat history, etc, all investment profit can be only viewed on our official website and application.
  • TOPONE Markets is a professional online trading platform with low spreads and zero handling fees. Be wary of any behavior that asks you for any fees directly and privately. TOPONE Markets does not charge a fee at any stage of its trading process or other fee.

If you have any questions or concerns, please feel free to reach us by clicking the "Online Customer Support" or send an email to our customer care team cs@top1markets.com. We will answer your questions and assist you promptly.

Understood
We use cookies to learn more about how you use our website and what we can improve. Continue to use our website by clicking "Accept". Details
Market News Cybersecurity Firm Halborn Warns of New Active MetaMask Phishing Campaign

Cybersecurity Firm Halborn Warns of New Active MetaMask Phishing Campaign

A fresh alert regarding a scam email that targets users of MetaMask has been released by a technical education expert at Halborn.

Cory Russell
2022-08-02
1084

微信截图_20220802105000.png


The popular cryptocurrency wallet MetaMask users are the focus of a new phishing attempt, according to Halborn, a cybersecurity business that shields blockchain organizations from online threats.


Although fraudsters use a wide variety of phishing tactics, this one in particular depends on passphrases.

Phishing campaign ongoing

The circulating scam email contains a fake MetaMask header and logo, according to Halborn, which has collaborated with more than 150 blockchain organizations, including THORChain (RUNE) and Avalanche (AVAX).


Users are directed to a clickable button with a time-sensitive "check your wallet" prompt in the email, which claims to be from MetaMask. Subject line requests users to follow Know Your Customer (KYC) policies and mentions an open support issue.


An industry standard known as "KYC compliance" refers to the required gathering and usage of consumer data beyond only collecting fundamental proof of identity. According to Anti-Money Laundering (AML) regulations, the method is essential for confirming a customer's risk and financial profile.


The phishing effort also uses the fictitious website metamaks.auction. Users will see that the server used to send the message (unicarpentry.onmicrosoft.com) is unrelated to the actual service when they examine other parts of the email.

Warning

Users are urged by Halborn to look out for warning signs in emails, such as misspellings and a lack of personalization, both of which are common in these communications. For instance, the blockchain security company points out that if this email really came from a financial institution or a well-known cryptocurrency wallet service like MetaMask, it would include the recipient's true name, additional ID information, and more explicit instructions.


Users should never click on any buttons or links they receive by email, SMS, or WhatsApp, the business stated. They should also always check the URL by hovering their cursor over the button or link before clicking on it.


A wallet issue that affects a subset of users across many browser-based wallets, including MetaMask, was revealed by Halborn researchers in June. They exposed a situation in which a user's private keys might be discovered unencrypted on a drive in a hacked machine.


As a result, MetaMask, which as of March this year had over 30 million monthly active users, put mitigations in place for these problems and patched its extension versions 10.11.3.


Last week, cryptocurrency lender Celsius said that a third-party data breach had resulted in the exposure of some of its client data. The business claims that a Customer.io messaging platform developer exposed the list of customer email addresses.

Previous
Next

Bonus rebate to help investors grow in the trading world!

Need Assistance?

7×24 H

Download the APP for Free