Namecheap, a web hosting service provider, discovered that one of its third-party services had been exploited and used to send some unwanted emails that were specifically addressed to MetaMask customers. The issue, according to Namecheap, involved an email gateway problem.
We have evidence that the upstream system we use for sending emails is involved in the mailing of unsolicited emails to our clients. It was stopped immediately.
— Namecheap.com (@Namecheap) February 13, 2023
MetaMask, a well-known cryptocurrency wallet provider, has warned investors of persistent phishing attempts by scammers attempting to gain access to customers through Namecheap’s third-party email system.
The preventive warning informed users that MetaMask does not collect Know Your Customer (KYC) data and never contacts customers through email regarding their account information.
The hackers’ fake MetaMask website asks for a private recovery phrase “to keep your wallet secure” when users click on a link in the phishing emails. Sharing seed phrases gives the hacker full control over the user’s funds, and MetaMask advises investors not to do so.
⚠️MetaMask does not collect KYC info and will never email you about your account!
Do not enter your Secret Recovery Phrase on a website EVER.
If you got an email today from MetaMask or Namecheap or anyone else like this, ignore it & do not click its links!https://t.co/EP0HGZFOfo pic.twitter.com/4CDtne24OK— MetaMask 🦊💙 (@MetaMask) February 13, 2023
Namecheap clarified that none of its services had been compromised, and no customer information had been exposed in the event. The company tweeted that the mail delivery system has now been restored, and all communications will now come directly from the official source.
We would like to assure you that Namecheap’s own systems were not breached and your products, accounts and personal information remain secure.
We will update status post once the issue is solved https://t.co/2xJ362KF0f— Namecheap.com (@Namecheap) February 13, 2023
Namecheap has suspended the distribution of Auth codes, Trusted Devices’ verification, and password reset emails while they work with their upstream provider to resolve the issue.
The investigation into the sending of unsolicited emails is ongoing. Investors are advised to double-check website links, email addresses, and points of contact when dealing with correspondence from Namecheap and MetaMask.
Last month, the MetaMask team discovered a rise in a new type of cryptocurrency wallet address fraud that preyed on user negligence. Users were warned about the address poisoning scam, in which perpetrators give victims tokens with a value of $0 to tamper with their transaction history.
If you would like to read more news articles like this, visit DeFi Planet and follow us on Twitter, LinkedIn, Facebook, and Instagram.
“Take control of your crypto portfolio with MARKETS PRO, DeFi Planet’s suite of analytics tools.”
