Popular crypto wallet provider MetaMask warned investors against ongoing phishing attempts by scammers attempting to contact users through Namecheap’s third-party upstream system for emails.
On the evening of Feb. 12, web hosting company Namecheap detected the misuse of one of its third-party services for sending some unauthorized emails — which directly targeted MetaMask users. Namecheap described the incident as an “email gateway issue.“
In the proactive alert, MetaMask reminded its million followers that it does not collect Know Your Customer (KYC) information and will never reach out over an email to discuss account details.
The phishing emails sent by the hacker contain a link that opens a fake MetaMask website requesting a secret recovery phrase “to keep your wallet secure.”
The wallet provider advised investors to refrain from sharing seed phrases, as it hands complete control of the user’s funds to the hacker.
NameCheap further confirmed that its services were not breached and that no customer data was leaked in this incident. Within two hours of the initial intimation, Namecheap confirmed that its mail delivery was restored and that all communications would now be from the official source.
However, the main issue related to the mailing of unsolicited emails is still under investigation. Investors are advised to recheck website links, email addresses and points of contact when dealing with communications from MetaMask and Namecheap.
In response to Cointelegraph's coverage on the subject, Namecheap confirmed being able to stop the fraudulent emails and contacted their upstream provider to resolve the issue from their end.
Related: OneKey says it has fixed flaw that got its hardware wallet hacked in 1 second
In January, a hacker used Google Ad services to steal nonfungible tokens (NFTs) and cryptocurrencies from investors.
NFT influencer NFT God lost “a life-changing amount” after accidentally downloading malicious software embedded in a Google advertisement.
The incident happened when the influencer used the Google search engine to download OBS, an open-source video streaming software. However, he clicked the link with a sponsored advertisement instead of the official link, which led to the loss of funds.