MetaMask, a popular crypto wallet provider, has issued an alert to its million followers against ongoing phishing attempts by scammers who are using Namecheap’s third-party upstream system for emails to contact MetaMask users.
The web hosting company detected the misuse of its third-party service for sending unauthorized emails on the evening of February 12. The incident, described as an “email gateway issue,” directly targeted MetaMask users.
In the phishing emails, hackers use a fake MetaMask website to request users’ secret recovery phrases, which gives them complete control of the users’ funds.
The wallet provider advised investors not to share their seed phrases and reminded them that it does not collect any Know Your Customer (KYC) information, nor will it ever contact users through email to discuss account details.
Namecheap has confirmed that its services were not breached and no customer data was leaked in this incident. However, the issue related to the mailing of unsolicited emails is still under investigation.
Investors are advised to double-check website links, email addresses, and points of contact when dealing with communications from MetaMask and Namecheap.
In response to Cointelegraph’s coverage, Namecheap confirmed that it had stopped the fraudulent emails and contacted its upstream provider to resolve the issue from their end.
This incident follows a January hack where a hacker used Google Ad Services to steal non-fungible tokens (NFTs) and cryptocurrencies from investors.