[Challenge Submission] <Fake Wallet Extension Update Trap> #3
Description
Challenge Title:
Fake Wallet Extension Update Trap
Difficulty Level:
[ ] Beginner
[x] Intermediate
[ ] Advanced
Description / Scenario:
The victim receives a fake prompt urging them to update their wallet extension (e.g., MetaMask, Phantom) due to a “security patch.” Upon clicking, they are redirected to a spoofed Chrome/Firefox extension store that installs a malicious clone. The clone then asks for the seed phrase or tricks them into signing a malicious approval.
Learning Objective:
Players will learn to avoid fake wallet update links and recognize that extension updates should only be done via official browser stores or inside the extension settings.
Phishing Technique Used:
Browser spoofing via fake update prompt
Redirect to malicious browser extension store
Clone wallet interface asking for seed phrase
Silent approval signing using malicious contract logic
Can be enhanced via Google ad phishing or browser notification hijack
🪙 Reward Wallet Address (USDT - ERC20 Polygon/Arbitrum)
0xc9e7e459d2bef4e6493a76543c7ed0de06dc6bac
✅ By submitting this challenge, I agree to open-source it under the project's license and allow the Unphishable team to modify or improve it for consistency.