Hundreds of MetaMask wallets were drained across multiple EVM chains, with losses totaling over $107,000, according to reports. The attack involved phishing emails disguised as mandatory MetaMask upgrades, featuring a party-hat fox logo and a "Happy New Year!" subject line. The emails, sent during the holiday period, exploited users with small per-victim amounts, typically under $2,000, suggesting the drainer operated off contract approvals. The phishing email used the sender identity "MetaLiveChain" and an unsubscribe link for "[email protected]," indicating template theft from legitimate marketing campaigns. The email falsely claimed a mandatory 2026 system upgrade was required. Users can identify phishing attempts by checking for brand-sender mismatches, manufactured urgency, destination URLs, and requests violating core wallet rules.

Hundreds of MetaMask wallets were drained across multiple EVM chains, with losses totaling over $107,000, according to reports. The attack involved phishing emails disguised as mandatory MetaMask upgrades, featuring a party-hat fox logo and a "Happy New Year!" subject line. The emails, sent during the holiday period, exploited users with small per-victim amounts, typically under $2,000, suggesting the drainer operated off contract approvals. The phishing email used the sender identity "MetaLiveChain" and an unsubscribe link for "[email protected]," indicating template theft from legitimate marketing campaigns. The email falsely claimed a mandatory 2026 system upgrade was required. Users can identify phishing attempts by checking for brand-sender mismatches, manufactured urgency, destination URLs, and requests violating core wallet rules.