On June 7, 2018, user WeaponizedMath reported on Reddit that our site BTCManager was serving a phishing popup that only affected users of the MetaMask browser plugin. We were able to resolve the issue within 24 hours of the report.
For more information on what phishing is, we recommend the wiki article.
Moreover, we have not heard from anyone saying they lost currency because of it on our site. A big part of the credit for this goes to the quick response of the MetaMask team in warning their plugin users. We are also grateful for the quick whitelisting after the issue was confirmed resolved.
We have removed BTC Manager from our block list. It appears that this long-standing publication was victim to a hack, that attempted to phish our users.
Stay vigilant. Only ever enter your seed after clicking the fox directly. https://t.co/CHz3xGReOB
— MetaMask (@metamask_io) June 8, 2018
What Was the Phishing Attempt?
Initial investigation found that the attacker made a popup clone of MetaMask asking users to restore their vault with their private key due to updates to the extension. It did not steal anything without interaction. A user would have had to put in the private key themselves. Naturally, MetaMask or any other wallet never asks for a user’s seed out of nowhere, ever! It should be noted that we don’t have any method of payment or donation on the site, so there would be no reason for the plugin to be active. MetaMask wrote the following in a related Medium post:
“MetaMask will never spontaneously ask you for your seed words,