Metaverse is envisioned to operate on top of the Internet of Things (IoT) in which numerous IoT sensors and wearable devices continuously collect real-world data to reflect the physical world into its virtual counterpart. As a result, the metaverse not only inherits various security threats from the IoT network, but also faces far more sophisticated attacks related to virtual reality technology. As traditional security approaches show various limitations in the large-scale distributed metaverse such as single point of failure (SPoF) and scalability issue, this paper proposes MetaCIDS, a novel collaborative intrusion detection (CID) framework that leverages metaverse devices to collaboratively protect the metaverse. In MetaCIDS, a federated learning (FL) scheme based on unsupervised autoencoder and an attention-based supervised classifier enables metaverse users to train a CID model using their local network data, while the blockchain network allows metaverse users to utilize an on-chain model to detect intrusion network flows over their monitored local network traffic, then submit verifiable intrusion alerts to the blockchain to earn metaverse tokens. Security analysis shows that MetaCIDS can efficiently detect zero-day attacks (i.e., attacks unseen in the training data), while the training process is resistant to SPoF, data tampering, and up to 33% poisoning nodes thank to the blockchain consensus, reputation, and incentive mechanisms. Performance evaluation illustrates the efficiency of MetaCIDS with 96% to 99% detection accuracy on four different network intrusion datasets, supporting both multi-class detection using labeled data and anomaly detection trained on unlabeled data.