The most impersonated crypto wallets: How scammers exploit trusted brands
Introduction
As the cryptocurrency ecosystem expands, digital wallets have become the cornerstone of user interaction with decentralized finance and blockchain networks. Yet, the very tools designed to empower users with control over their assets have increasingly become the focus of sophisticated cybercriminal schemes. Popular non-custodial wallets such as MetaMask, Trust Wallet, and several others are now frequent targets of impersonation, phishing, and malware campaigns.
Security researchers have documented a steady rise in fraudulent applications, counterfeit browser extensions, and deceptive update prompts designed to mimic legitimate wallet brands. In many cases, unsuspecting users are tricked into revealing their seed or recovery phrases—the cryptographic keys to their assets—through fake verification requests, cloned websites, or malicious advertisements. Once compromised, funds are typically irretrievable.
This article examines ten of the most commonly impersonated crypto wallets, detailing why each is targeted, how these scams typically unfold, and what users can do to mitigate risk. By understanding these patterns, crypto holders can better protect themselves against one of the fastest-growing forms of digital fraud in the Web3 landscape.
Why certain wallet apps are targeted
Scammers often focus on popular wallet apps because:
- They have large user-bases, so there are many potential victims.
- Their brand names or logos are well-known — making it easier for counterfeit apps or phishing sites to impersonate them convincingly.
- Users may receive messages (emails, social-media, pop-ups) claiming their wallets must be verified or updated, and these claims exploit trust in these popular names.
- Wallets that enable interacting with decentralised apps (dApps) or signing transactions can be manipulated via fake approvals or malicious smart contracts.
Because of these factors, knowing which wallet names tend to be impersonated or targeted can help you stay alert.
1. MetaMask
Why it’s targeted
As one of the most popular non-custodial wallets (browser extension + mobile) used for Ethereum and other EVM chains, MetaMask is widely trusted—making it a prime target for scammers. The brand recognition itself helps criminals impersonate it. For example, phishing emails claiming “your MetaMask wallet will be suspended” have been documented. (MalwareTips Forums)
Typical scam-cases
- Fake “verification email” telling users to enter seed phrase. (MalwareTips Forums)
- Clone browser extensions or mobile apps posing as MetaMask. (techforing.com)
- Why users should be alert
Even if you legitimately install MetaMask, you must verify you’re on the correct official site/app, never share your seed phrase, always check the developer/publisher etc.
2. Trust Wallet
Why it’s targeted
Trust Wallet is mobile-only and supports many blockchains, so it has a large user base. It is also highlighted in security guides as among the “top three most impersonated wallets.” (BTCC)
Typical scam-cases
- Fake mobile apps mimicking Trust Wallet published via unofficial stores or via paid ads. (Webopedia)
- Phishing pages pretending to be the Trust Wallet website asking for recovery phrase. (Webopedia)
- Why users should be alert
Always download the wallet from the official site or store listing; check number of downloads, developer name; never click an ad-link promising “upgrade your Trust Wallet” etc.
3. TokenPocket
Why it’s targeted
TokenPocket is less globally visible than MetaMask or Trust Wallet but is still well known in the Web3/mobile wallet-space. Security reports mention it among wallets whose names were used in fake wallet-app campaigns. (TechRadar)
Typical scam-cases
- Clone apps labelled “TokenPocket” or similar name, distributed via third-party stores, that steal recovery phrases. (TechRadar)
- Why users should be alert
If you use TokenPocket, double-check that the package name or publisher matches the official one; avoid installing from random links.
4. imToken
Why it’s targeted
imToken is another multi-chain wallet that’s been mentioned in security alerts as being among wallets whose names were cloned in fake apps. (TechRadar)
Typical scam-cases
- Fake app versions circulating claiming to be “imToken Secure” or “imToken Wallet Pro”, designed to lure users.
- Why users should be alert
Make sure you are using the correct app version (official developer listing), avoid entering your seed phrase in pop-ups or “support chats”.
5. Bitpie
Why it’s targeted
Bitpie was mentioned in a Trend Micro security report listing fake crypto‐wallet apps: “249 fake crypto wallet apps… including MetaMask, imToken, Bitpie, Trust Wallet…” (TechRadar)
Typical scam-cases
- Fake “Bitpie” like apps built to look like the real one, used to harvest user seed phrases.
- Why users should be alert
Even less-prominent wallets can be targets; always verify the authenticity, especially if you are sourcing the wallet app via a link from a message/ad.
6. Coin98 Wallet
Why it’s targeted
While I don’t have a specific article naming Coin98 by name in a scam list, lesser-known multi-chain wallets tend to be cloned more due to lower user awareness and fewer checks. Including a slightly less-famous wallet raises awareness.
Typical scam-cases
- If you receive a link saying “Download Coin98 Wallet v2.0 – get free token airdrop” – that’s a red flag.
- Why users should be alert
Don’t trust “free airdrop” offers that require you to enter seed phrase or download a new version of a wallet; always go via official channels.
7. Rabby Wallet
Why it’s targeted
Rabby is a newer wallet gaining traction. Security warnings for browser extensions flagged fake wallet tools impersonating wallets such as MetaMask, TronLink and Rabby. (TechRadar)
Typical scam-cases
- Malicious browser extension posing as “Rabby Wallet” that collects private keys or seed phrases once installed. (TechRadar)
- Why users should be alert
Browser extension wallets are high-risk: check source code (if open-source), confirm extension is from correct developer, and avoid installing unknown extensions just because they promise “free tokens”.
8. Ledger Live
Why it’s targeted
Although not strictly a “wallet app” in the same sense (it pairs with the Ledger hardware wallet), it is targeted by scammers distributing fake Ledger Live apps that ask for seed phrase. (TechRadar)
Typical scam-cases
- Fake Ledger Live apps for macOS/Windows that prompt the user to “enter your 24-word recovery phrase” to fix a “critical error”. Once entered, funds are gone. (TechRadar)
- Why users should be alert
Always download Ledger Live from the official ledger.com site; be extremely wary of any software update message asking for seed phrase.
9. SafePal Wallet
Why it’s targeted
SafePal is a multi-chain wallet with both hardware and mobile components and is seen in the wider Web3-wallet ecosystem. While I don’t find a high-profile named scam list for SafePal, it is prudent to include a wallet outside the top “MetaMask/Trust” duo to emphasise that any wallet name can be mimicked.
Typical scam-cases
- “Download SafePal Pro version” links via social media, asking for seed phrase.
- Why users should be alert
Same principles apply: verify official app, avoid entering phrase based on unsolicited contact, carefully check app store listing.
10. Exodus Wallet
Why it’s targeted
Exodus is a well-known desktop/mobile crypto wallet supporting many coins. Its popularity and cross‐platform nature make it a plausible target for impersonation.
Typical scam-cases
- “Download Exodus 2.0 Update” email with link to malicious site, or fake plugin/extension for the wallet.
- Why users should be alert
Treat update prompts with caution: go via official website, verify cryptographic signature if available, avoid links sent via social media.
Bonus: Common scam tactics across wallets
Here are some recurring scam methods regardless of wallet-name:
- Fake app / clone listing: Malicious apps posing as legitimate wallet apps, often on unofficial stores or via links from ads.
- Phishing via email/social media: Emails or messages purporting to be from wallet providers asking to “verify your account”, “update your wallet”, or “enter your recovery phrase”.
- Browser extension impersonation: Fake wallet or plugin extensions that install and collect keys.
- Fake update prompts: App or extension asks for recovery phrase by claiming there is a security issue.
- Address-poisoning / copy-paste attack: Victim copies a wallet address that looks legitimate but is slightly altered, then sends funds to scammer.
What you should know after reading this article
The wallet brands like MetaMask, Trust Wallet and others are actually safe to use. The danger arises from fake apps, cloned websites, and phishing attempts that exploit their reputation. To protect your assets:
- Always download wallets and extensions only from official sources.
- Never share your seed or recovery phrase, even if prompted by what looks like a trusted brand
- Be skeptical of unsolicited messages or “urgent updates” asking for verification.
- Double-check URLs, developer names, and app store listings.
- Remember that once funds are sent to a fraudulent address, recovery is almost impossible.
Staying vigilant and verifying every step before interacting with your wallet is your best defense against impersonation scams.
This article is based on information from publicly available sources including TechRadar, Webopedia, MalwareTips Forums, BTCC, MyAntiSpyware, and Crypto Safety First. It is intended solely to inform readers about common crypto wallet impersonation threats. The purpose is not to defame or criticize any of the mentioned wallet brands or companies, but to raise awareness of cyber risks within the broader Web3 ecosystem.
