Fake MetaMask Pro Extension: A 12,000-Download Drainer Trap

The extension that watched everything

May 2025. A holder in Atlanta installs "MetaMask Pro" from the Chrome Web Store after seeing it recommended on a YouTube tutorial. The extension has 4.6 stars, 12,000 reported downloads, and an icon nearly identical to the real MetaMask fox. It asks for the seed phrase during setup "to import your existing wallet." Twelve minutes later, her 6.4 ETH is in a drainer wallet.

The Chrome Web Store gap

Google's extension review prioritizes malware that calls home — not extensions that imitate other brands. Fake MetaMask, fake Phantom, fake Trust Wallet, and fake Ledger Live extensions appear on the store weekly. Most are reported and removed within 7–14 days, but in that window thousands of downloads happen.

The four verification steps before installing any wallet extension

• Install only from the official source. MetaMask: only from metamask.io, which then links to the Chrome Web Store. Never search "metamask" in the store directly — the result order is gameable.
• Check the developer. Real MetaMask is published by "MetaMask." Fakes use lookalike names: "Meta-Mask Inc.," "MetaMask Lab," "MetaMask Official." If the developer name is anything other than the exact string MetaMask publishes, walk away.
• Check the install count. Real MetaMask has 10M+ users. A "Pro" version with 12,000 downloads is a red flag by definition — the real one has no Pro tier.
• Real MetaMask never asks for the seed phrase to "set up." It generates a new one. To import, it asks at a specific step in a specific UI — and even then, you should be skeptical if the screen prompts feel new.

The post-compromise checklist

Uninstall the fake extension. Run a malware scan (Malwarebytes free is fine). Move all funds from any wallet ever used in that browser to a fresh hardware-wallet address — every wallet that browser touched should be considered burnt. Re-image the laptop if it is the same machine you use for banking; the cost of a fresh OS install is one weekend.

What real protection looks like

I use a separate browser profile for wallet extensions, with no other extensions installed in that profile. Brave or a clean Chrome profile, locked to MetaMask plus one ad-blocker, nothing else.