MetaMask blocklist abuse — legitimate exchange blocked after competitor threats

[changeum]

I'm posting this to get community feedback and visibility on what appears to be abuse of MetaMask's blocklist system.

What happened:

Our crypto exchange changeum.io was added to MetaMask's eth-phishing-detect blocklist on January 4, 2026. The same day, a competitor contacted us via live chat, made threats, and said he would "flag" our website.

Evidence of threats:
- https://imgur.com/a/Au8FLQX
- https://imgur.com/a/uYXjY8n

About us:

- Company: MUSS INTERNATIONAL TRADING CORP (Panama)
- Service: Crypto-to-crypto exchange
- Operating: almost 1 year
- VirusTotal: 96/97 clean - (the only 1 flag from vendor that pull data directly from MetaMask's blocklist)
- Trustpilot: 4.4/5 rating
- Zero scam reports anywhere

What we've tried:

- 4 GitHub issues (#216822, #216779, #217702, #218039) — all closed without response
- 1 Pull Request — closed without review
- MetaMask Support ticket #69024173
- MetaMask Community post (as advised in the main thread) - https://community.metamask.io/t/need-help-legitimate-business-falsely-flagged-changeum-io/31173
- Consensys contact form
- Blockaid (as advised in the main thread) — they confirmed we have NO flags on their end

The GitHub moderator closes all our requests without any explanation.

Why I'm posting here:

Looking for advice from anyone who has dealt with this before, and to document this publicly. This seems like a systemic issue — MetaMask's blocklist can be weaponized by competitors with zero accountability.

If anyone has contacts or experience with getting delisted, I'd appreciate any help.

Main thread: https://bitcointalk.org/index.php?topic=5559254.20

Thanks.

[Woodie]

Is it possible that your competitor reported your domain to be a phishing site and managed to convince metamask to put you on their blacklist??

If metamask has a support line you could appeal your case and give them these facts leading to the blacklist to gets this overturned.. GL.

[changeum]

Yes, that's exactly what happened. The competitor threatened us in live chat saying he would "flag" our site — and the same day we were added to the blocklist.

We've already tried appealing through every possible channel:
- 4 GitHub issues — all closed without any response
- 1 Pull Request — closed without review
- MetaMask Support ticket #69024173 — waiting for response
- MetaMask Community post
- Consensys contact form
- Blockaid confirmed we have NO flags on their end

The problem is the GitHub moderator just closes everything without explanation. There's no real appeal process — that's the issue.

Thanks for the support, GL appreciated!

[aioc]

Yes, that's exactly what happened. The competitor threatened us in live chat saying he would "flag" our site — and the same day we were added to the blocklist.

They may have seen a loophole, for Metamask believes and blacklisted your platform, or the blackmailer is good at convincing Metamask and has done past reports that are consistent and valid.

It's good that you are whitelisted again. May we know the platform of the blackmailer so people can avoid it, as they are not playing fair.
 

[examplens]

Yes, that's exactly what happened. The competitor threatened us in live chat saying he would "flag" our site — and the same day we were added to the blocklist.

They may have seen a loophole, for Metamask believes and blacklisted your platform, or the blackmailer is good at convincing Metamask and has done past reports that are consistent and valid.

It's good that you are whitelisted again. May we know the platform of the blackmailer so people can avoid it, as they are not playing fair.
 

However, this matter is dealt with by serious people who try to handle everything regularly. If the service is legal, it is usually not too much of a request to remove it from the list, because the people from Metamask seem responsible.
Blackmailers report legit services, probably with a large number of accounts, which leads to the blacklisting of a service. Later, they go through the regular delisting procedure themselves, if they manage to extort the money for it.

[changeum]

Unfortunately, we couldn't find the hacker's platform, but we did find his Telegram (@IntelNorthern) and a link to the shadow forum lolz.live
https://talkimg.com/images/2026/01/22/UNkEcC.png
Where he was looking for a front-end developer (it's only possible to find it through Google's cache; unfortunately, we can't get into it in detail).

Regarding MetaMask itself, they still haven't removed it from the list, but on the plus side, I at least received a response that there were reports of people's money being stolen. We requested confirmation, screenshots of conversations with support, transaction history, screenshots, and transaction IDs. We're awaiting a follow-up response from https://github.com/AlexHerman1 with more information.

After a week, he at least started responding, success already, thanks also to allennewton for the supportive words in the issue on GitHub

[dkbit98]

I don't understand why they are closing github issues, but I am not surprised sin since it's coming from Metamask, and I stopped using that wallet long time ago.
There should allow people to manually change blacklisted website, similar like uBlock extension is doing for blocking websites.
If this issue is not resolved you should consider telling people to switch to better alternatives like Rabby wallet.

[Stalker22]

At least they are responding to your complaint, which is good.  Im afraid you have no choice but to work with the system, as broken and annoying as it is.  To them, you are not a victim; you are just another potentially malicious domain on a list.

If I may suggest, stop the scattergun approach.  Pick one official channel, provide the proof clearly, and wait.  If you keep opening new issues, you are just flagging yourself as a nuisance.

[changeum]

So, at least we had a small dialogue. I opened new issues because they were completely ignored everywhere, but here they were at least closed, some kind of movement.
https://github.com/MetaMask/eth-phishing-detect/issues/218214
This is certainly very strange behavior. They initially accused service of stealing money. We offer to investigate each case and compensate for the damages if such a thing exists (which, of course, it doesn't). To which some guy writes that I used a Gmail account for registration somewhere, and that several domains link to my website. You can go and read it yourself; I hope they continue to respond. The support team simply wrote some nonsense, lied a bunch of times that we don't have an email and that we don't have a company, but they didn't provide a single fact on the most important thing: who did scam?
It's surprising that some wallet decides who is legitimate and who is not, considering that even agencies specializing in this have confirmed to them that the website is completely legitimate.

[examplens]

So, at least we had a small dialogue. I opened new issues because they were completely ignored everywhere, but here they were at least closed, some kind of movement.

Honestly, if you have received confirmation that you will be whitelisted or it may have already happened, I think there is no need to enter into further discussions about this case. Certainly not with some anonymous characters who recognized the chance to demonstrate their power. You should turn around and move on. It will save you both energy and money.

I must admit that I am surprised by the arrogant attitude shown by AlexHerman1. This is not how a representative of a service should behave.

[changeum]

Yes, thank you, I think so too. However, this is a brand issue; they've essentially slandered us, and there could be a problem if one service pulls information from their repository, then another, and so on, all without understanding anything at all, and we'll have to constantly go and prove something. That's all we're worried about; we couldn't care less about Metamask itself. And regarding the whitelist, these guys said they don't care, no matter where this company has whitelisted us, etc.