FakeOrLegitCheck now

WalletConnect Drain Scam

If you received a social media ad that looks like a crypto site asking you to connect your wallet via WalletConnect, you are looking at one of the most repeated scam patterns of the year. These messages succeed because they impersonate something familiar and pile on urgency, pushing you to get you to sign a setApprovalForAll or unlimited token allowance before you have time to verify with the real source.

The real MetaMask does not contact customers this way - and even when MetaMask does send you a legitimate notice, you can always confirm by reviewing every wallet signature in detail before approving and using a separate burner wallet for new sites instead of acting on the message itself. FakeOrLegit is not affiliated with MetaMask; this guide is independent consumer-safety information.

Below we walk through the warning signs you can check yourself, the exact steps to take if you have already engaged, and the most common follow-up questions we see in our checker.

Warning signs

  • The advertiser's name is new or unfamiliar and the linked site was registered recently.
  • Prices or offers are dramatically better than the real brand's own site or store.
  • Urgency or fear language pushes a deadline within 24 hours. Real organizations almost never time-bomb account actions that fast.
  • There is a request for payment, login credentials, a verification code, or sensitive identifiers (SSN, full DOB, full card number). None of these are ever needed to resolve a legitimate notice.
  • Spelling, grammar, or formatting is slightly off in places a real brand would catch. Scammers iterate but rarely match design systems exactly.
  • The wording matches scam reports posted on Reddit's r/scams or in recent local-news headlines. A quick search of the exact phrase is one of the fastest checks you can do.
  • The message references MetaMask but the link or sender is not on MetaMask's official domain. MetaMask-related actions should always be confirmed inside MetaMask's official app or website.

What to do

  • Compare prices on the brand's official site. If the gap is impossible, the ad is fake.
  • Report the ad to the platform. Repeat reports speed up takedown of the advertiser account.
  • Run any link from the message through FakeOrLegit. The checker matches the URL against our heuristics and brand-impersonation database.
  • If you already entered credentials, change the password and turn on two-factor authentication immediately. Sign out of all other sessions.
  • If you already paid by credit card, dispute the charge with your bank within 60 days. Speed matters, earlier disputes win more often.
  • Report to the FTC at reportfraud.ftc.gov. If you lost money, also file a local police report so an official case number exists.
  • Watch for follow-up scams referencing the same MetaMask pretext. Scammers often re-contact under a "refund" or "support" persona within 24-72 hours.

FAQ

Will MetaMask ever contact me this way?
MetaMask will sometimes send notifications, but they will never ask for your password, your full card number, a verification code, or an urgent payment by social media ad. Always confirm any account action by reviewing every wallet signature in detail before approving and using a separate burner wallet for new sites.
What if I already clicked the link or answered the call?
Clicking alone usually does not compromise you - the risk is in what you entered after. If you typed credentials, change that password and any password you reuse, and enable two-factor authentication everywhere. If you read out a verification code, contact the underlying service immediately to lock the account.
Will reporting actually do anything?
Yes, in aggregate. Carriers, the FTC, and the brands you forward to use volume-based detection - your one report joins thousands of others and shortens the lifespan of that specific campaign. It is one of the cheapest civic acts available.
Is FakeOrLegit affiliated with the brand mentioned here?
No. FakeOrLegit is an independent scam-risk analysis tool operated by Aura Bionics Inc. (Ontario, Canada). We are not affiliated with, endorsed by, or sponsored by MetaMask.
Does FakeOrLegit save the message text?
No. We hash submitted messages with SHA-256 for de-duplication and never store the raw text. URL checks store the hostname and the risk report; message checks store only the hash and the report.

Run a check now

If a specific link or message triggered this guide, paste it for an instant risk report.

Check a websiteCheck a message

Related guides

Crypto scam

Fake MetaMask Airdrop Scam

Fake "airdrop claim" pages drain your wallet by approving a malicious contract. Here is what to know.

Read guide →
Crypto scam

Fake Binance Customer Support Scam

Fake Binance support agents on Telegram and Twitter drain wallets. Here is the verification path.

Read guide →
Crypto scam

Fake Coinbase Withdrawal Hold Scam

Fake withdrawal-hold messages route you to a scam support number. Here is the pattern.

Read guide →
Crypto scam

Fake Kraken Support Call Scam

Fake Kraken support calls target customers right after a login attempt. Here is the script.

Read guide →
Crypto scam

Pig Butchering Romance Investment Scam

Long-form romance scams that pivot to a fake crypto investment platform, one of the most damaging scams of the decade.

Read guide →

Disclaimer

FakeOrLegit provides automated risk signals based on publicly observable patterns. We do not guarantee that any site, email, or message is safe or unsafe. Always use your own judgment, and contact the real institution directly to verify any request before sharing personal or payment information.

FakeOrLegit is not affiliated with MetaMask. MetaMask did not send and does not endorse this analysis.