Last year I lost a lot of money because a fake MM “update” asked for my seed phrase. This was on my Firefox browser. In the process of starting over, I removed MM from Firefox, then installed on a different (Brave) broswer, and of course created a new wallet with its new seed phrase. However now I want to install MM on my original browser (Firefox) again.
But… when I install it on FF and enter my password, MM asks for my seed phrase again before I can proceed. I was told that MM would never ask for my seed phrase. So out of caution, I didn’t enter it, and once again have deleted MM from Firefox. How can I tell if Firefox still infected, and if so, how do I clean it? I have Avast security but it isn’t detecting any viruses in my browsers. Thanks.
Hey @matanzas, what we mean is that a MetaMask team member will NEVER ask for your phrase, meaning that no one who works with MetaMask will ask you for your phrase. If you are trying to restore your wallet on another browser, the application will ask for your phrase. Just make sure you have downloaded the legitimate MetaMask extension from metamask.io.
It’s great you’re being cautious. As @nakedwinnie pointed out, when you’re actually restoring your wallet it makes sense for the site to ask you. However, your caution is still good to keep close because there are scams where a pop-up windows appear (and they look like they’re from MM) asking you to input your secret recovery phrase (SRP) and these are not legit.
Rule of thumb I follow: if it’s the first time you’re installing the extension on a browser, or, if you had previously uninstalled MetaMask and are reinstalling again, being asked to enter your SRP makes sense. However, if it’s outside of those perimeters or if it’s a site or pop-up window asking for it - run.
Also, strongly recommend looking into hardware wallets as a second set of keys to use with your MM.
Here are two additional MetaMask KB articles that include some safety tips, one provides links to addition resources on how to keep your computer safe too:
Thanks. Yes, when I was hacked, it wasn’t because any person asked me for the seed phrase. It was because I had just installed MM on Brave, and shortly after, a hacker managed to cause a fake MM popup appear when I tried to log into a DEX. The popup looked legitimate and asked me for my seed phrase. I entered it, thinking perhaps MM had some security system which detected my multiple installs of MM (one on Brave, the other on FF), and was “confirming” that my second install was legit. But of course I now know that the popup was malicious, and as a result I lost about $40K. After that incident I did buy some hardware wallets! And thanks to your suggestion, I’ll enable Bitlocker on Windows!