MetaMask Users Warned: The Crypto 'stake' That Could Burn Your Wallet in Seconds
- A malicious browser extension disguised as a staking tool is quietly authorizing token transfers on popular sites like Uniswap and OpenSea, siphoning funds without your permission.
- Cybersecurity researchers at Blockaid have flagged the malicious code, which targets users' connected wallets and initiates fake "stake" requests to drain balances.
- Unlike traditional phishing, this exploit uses a hidden permissions grab: once you approve a single transaction, attackers can empty your holdings in seconds.
- Verified reports show at least $2 million lost in the past 48 hours, with the scam spreading through Telegram groups and fake airdrop announcements.
- To stay safe, never approve any "stake" request from unknown pop-ups; revoke all suspicious allowances using a revoke.cash tool immediately.