Fake Crypto Wallet Extensions: How to Spot the Real One
You search for MetaMask in the Chrome Web Store. Several results look right. You install the first one. It asks for your seed phrase to import your existing wallet. You type it in. Your funds are gone.
Fake wallet extensions are designed specifically to capture seed phrases and private keys. They look like the real thing โ same icon, similar name, similar interface. The only difference is that everything you type gets sent to an attacker.
This attack is consistently effective because it targets the moment of highest trust: wallet setup. You're expecting to enter your seed phrase. The fake extension gives you exactly that screen.
How to install the real MetaMask or Phantom
The only safe installation path is through the wallet's official website. Go there directly โ don't search for it:
- โMetaMask: metamask.io โ click "Download" which links directly to the verified Chrome Web Store listing
- โPhantom: phantom.app โ click "Download" for the official extension
- โCoinbase Wallet: coinbase.com/wallet โ download link goes to the verified listing
Never install from Chrome Web Store search results alone. Fake extensions can appear above real ones in search, sometimes through paid placement.
How to verify an extension is legitimate
Each Chrome extension has a unique extension ID โ a long string of letters visible in the URL on its Web Store page. The real IDs for the major wallets:
- โขMetaMask: nkbihfbeogaeaoehlefnkodbefgpgknn
- โขPhantom: bfnaelmomeimhlpmgjnjophhpkkoljpa
- โขCoinbase Wallet: hnfanknocfeofbddgcijnmhnfnkdnaad
If the extension ID in the URL doesn't match, it's not the real extension regardless of what the name and icon say. You can also check the number of users (MetaMask has tens of millions โ a fake will have far fewer) and look at review dates.
What happens after you install a fake one
If you entered your seed phrase into a fake extension, assume that wallet is compromised immediately. Move to a new wallet on a different device:
- 1.Don't use the compromised device for crypto until you've removed the fake extension and scanned for malware
- 2.On a clean device, create a new wallet with a fresh seed phrase
- 3.Transfer all funds from the compromised wallet to the new address as quickly as possible
- 4.Check revoke.cash and revoke any active token approvals from the old address
- 5.Never use the old wallet address again โ treat the seed phrase as permanently exposed
Frequently asked questions
How do fake wallet extensions end up in the Chrome Web Store?
Attackers submit them with near-identical names and icons. Google catches most but not all. Install only from the wallet's official website, not from search results.
What does a fake extension do with your seed phrase?
Transmits it to an attacker-controlled server immediately. The wallet may look functional for a short time to avoid detection while the attacker drains your imported wallet in the background.
What's the safest way to install MetaMask or Phantom?
Go to the wallet's official website and click their download link โ it takes you directly to the verified Web Store listing with the correct extension ID. Never install from Web Store search results alone.
Once you have the real MetaMask โ understand what it's asking you to sign
GuardianAI works alongside the real MetaMask extension to explain every transaction in plain English before you confirm it. Free Chrome extension โ install directly from our official link.
Get GuardianAI โ It's Free