MetaMask issues scam alert as NameCheap hacker sends unauthorized emails

Published at: Feb. 13, 2023

Popular crypto wallet provider MetaMask warned investors against ongoing phishing attempts by scammers attempting to contact users through NameCheap’s third-party upstream system for emails.

On the evening of Feb. 12, web hosting company NameCheap detected the misuse of one of its third-party services for sending some unauthorized emails — which directly targeted MetaMask users. Namecheap described the incident as an "email gateway issue."

⚠️MetaMask does not collect KYC info and will never email you about your account!Do not enter your Secret Recovery Phrase on a website EVER.If you got an email today from MetaMask or Namecheap or anyone else like this, ignore it & do not click its links!https://t.co/EP0HGZFOfo pic.twitter.com/4CDtne24OK

— MetaMask (@MetaMask) February 13, 2023

In the proactive alert, MetaMask reminded its million followers that it does not collect know-your-customer (KYC) information and will never reach out over an email to discuss account details.

The phishing emails sent by the hacker contain a link that opens a fake MetaMask website requesting Secret Recovery Phrase “to keep your wallet secure.”

The wallet provider advised investors to refrain from sharing seed phrases as it hands over complete control of the user’s funds to the hacker.

We would like to assure you that Namecheap’s own systems were not breached and your products, accounts and personal information remain secure.We will update status post once the issue is solved https://t.co/2xJ362KF0f

— Namecheap.com (@Namecheap) February 13, 2023

NameCheap further confirmed that its services were not breached and that no customer data was leaked in this incident. Within two hours of the initial intimation, NameCheap confirmed that its mail delivery was restored and that all communications henceforth would be from the official source.

However, the main issue related to the mailing of unsolicited emails is still under investigation. Investors are advised to recheck website links, email addresses and points of contact when dealing with communications from MetaMask and NameCheap.

Related: OneKey says it has fixed flaw that got its hardware wallet hacked in 1 second

In January, a hacker used Google Ad services to steal nonfungible tokens (NFTs) and cryptocurrencies from investors.

Last night my entire digital livelihood was violated. Every account connected to me both personally and professionally was hacked and used to hurt others. Less importantly, I lost a life changing amount of my net worth

— NFT God (@NFT_GOD) January 15, 2023

NFT influencer NFT God lost “a life-changing amount” after accidentally downloading malicious software embedded in a Google advertisement.

The incident happened when the influencer used the Google search engine to download OBS, an open-source video streaming software. However, he clicked the link with a sponsored advertisement instead of the official link, which eventually led to the loss of funds.

Tags
Blockchain
Business
Email
Hacks
Hackers
Phishing
Scams
Metamask
Related Posts
5 sneaky tricks crypto phishing scammers used last year: SlowMist
Blockchain security firm SlowMist has highlighted five common phishing techniques crypto scammers used on victims in 2022, including malicious browser bookmarks, phony sales orders and trojan malware spread on messaging app Discord. It comes after the security firm recorded a total of 303 blockchain security incidents in the year, with 31.6% of these incidents caused by phishing, rug pull or other scams, according to a Jan. 9 SlowMist blockchain security report. Malicious browser bookmarks One of the phishing strategies makes use of bookmark managers, a feature in most modern browsers. SlowMist said scammers have been exploiting these to ultimately gain …
Blockchain / Jan. 10, 2023
4 tips to avoid phishing attacks
Many crypto owners fall prey to common crypto theft schemes, including phishing traps. How can the average crypto user identify and avoid these attacks to prevent the potential loss of funds? Know the source Phishing emails are sometimes successful in their attempts to trick users into downloading programs, clicking on something they shouldn’t, or just linking them to a page where they can enter personal information like their seed phrase. In July, hardware wallet Ledger reported a data breach that affected the personal data of many of its users, some of whom continue to be the target of phishing attacks. …
Business / Nov. 23, 2020
‘Nobody is holding them back’ — North Korean cyber-attack threat rises
North Korea-backed cyberattacks on cryptocurrency and tech firms will only become more sophisticated over time as the country battles prolonged economic sanctions and resource shortages. Former CIA analyst Soo Kim told CNN on Sunday that the process of generating overseas crypto income for the regime has now become a “way of life” for the North Koreans: “In light of the challenges that the regime is facing — food shortages, fewer countries willing to engage with North Korea [...] this is just going to be something that they will continue to use because nobody is holding them back, essentially.” She also …
Blockchain / July 12, 2022
NFT-delivered court orders an answer to blockchain-related litigation: Lawyers
Non-fungible tokens (NFTs) are becoming an increasingly popular solution to serving defendants in blockchain-based crimes that would otherwise be unreachable, according to crypto lawyers. The last year has seen an increase in litigation delivered over NFTs in cases where those accused of blockchain crime wereuncontactable through traditional methods of communication. In November 2022, the United States District Court for the Southern District of Florida granted a United States law firm The Crypto Lawyers its request for its client to serve a defendant via NFT. While the defendant's identity was unknown, the plaintiff accused the defendant of stealing cryptocurrency to the …
Adoption / Jan. 24, 2023
'Haunts me to this day' — Crypto project hacked for $4M in a hotel lobby
The co-founder of Web3 metaverse game engine “Webaverse” has revealed they were victims of a $4 million crypto h after meeting with scammers posing as investors in a hotel lobby in Rome. The bizarre aspect of the story, according to co-founder Ahad Shams, is that the crypto was stolen from a newly set up Trust Wallet and that the hack took place during the meeting at some point. He claims the thieves could not have possibly seen the private key, nor was he connected to a public WiFi network at the time. The thieves were somehow able to gain access …
Nft / Feb. 7, 2023