Crypto wallet MetaMask alerts users against ongoing phishing attempts

• Crypto wallet provider MetaMask warned its investors against ongoing phishing attempts.
• Namecheap confirmed on Twitter that it was successful in stopping the fraudulent emails.

Crypto wallet provider MetaMask put out a warning to its investors against ongoing phishing attempts by scammers attempting to contact users through Namecheap’s third-party upstream system for emails.

It was yesterday (12 February) that the web hosting company Namecheap discovered misuse of one of its third-party services. The service was being used to send some unauthorized emails that were specifically aimed at MetaMask users. The incident was described by Namecheap as an email gateway problem.

“We have evidence that the upstream system we use for sending emails is involved in the mailing of unsolicited emails to our clients. It was stopped immediately. We would like to assure you that Namecheap’s own systems were not breached and your products, accounts and personal information remain secure,” Namecheap informed on Twitter.

MetaMask immediately reminded its million followers that it does not gather Know Your Customer (KYC) information and will never communicate with them via email about account details.

The hacker’s phishing emails include a link to a fake MetaMask website that requests a secret recovery phrase to keep customer wallets secure.

The wallet provider advised investors to avoid sharing seed phrases because it gives the hacker complete control of the user’s funds.

Services not compromised; Investigation underway

NameCheap also confirmed that its services were not compromised and that no customer data was leaked as a result of the hack. Within two hours of receiving the initial notification, Namecheap confirmed that mail delivery had been restored and that all communications would now come from the official source.

However, the main issue of unsolicited email distribution is still being investigated. When dealing with MetaMask and Namecheap communications, investors should double-check website links, email addresses, and points of contact.

Namecheap confirmed on Twitter that it was successful in stopping the fraudulent emails and contacted their upstream provider to resolve the issue.