MetaMask, one of the leading crypto wallet providers, has just issued a warning to investors about ongoing phishing attempts by scammers contacting users through Namecheap’s third-party upstream email system.
On February 13, MetaMask took to Twitter to warn investors of phishing emails that attempted to steal personal information from the recipients and their cryptocurrency wallets. The phishing campaign originated after domain registrar Namecheap had their email account breached on Sunday night.
The attackers used “SendGrid”, an email platform that Namecheap uses to send renewal notices and marketing emails, to send unauthorized emails targeting MetaMask users. Namecheap described the incident as an “email gateway issue.”
⚠️MetaMask does not collect KYC info and will never email you about your account!
Do not enter your Secret Recovery Phrase on a website EVER.
If you got an email today from MetaMask or Namecheap or anyone else like this, ignore it & do not click its links! https://t.co/EP0HGZFOfo pic.twitter.com/4CDtne24OK
— MetaMask 🦊💙 (@MetaMask) February 13, 2023
Phishing Scam Asking for Private Keys
According to the official blog post, the phishing emails sent by the hacker contain a link that opens a fake MetaMask website requesting the Secret Recovery Phrase “to keep your wallet secure.”
This allowed the hackers to import the wallet to their own devices and steal all the funds and assets. The email read:
“We are writing to inform you that in order to continue using our wallet service, it is important to obtain KYC (Know Your Customer) verification. KYC verification helps us to ensure that we are providing our services to legitimate customers. By completing KYC verification, you will be able to securely store, withdraw, and transfer funds without any interruptions. It also helps us to protect you against financial fraud and other security threats.”
Evolving New Scams
Namecheap CEO Richard Kirkendall also confirmed the exploit, specifying that the company had disabled emails through SendGrid while it investigated the issue. However, within two hours of the initial intimation, Namecheap confirmed that its mail delivery was restored.
A new scam called 'Address Poisoning' is on the rise. Here's how it works: after you send a normal transaction, the scammer sends a $0 token txn, 'poisoning' the txn history. (1/3)
— MetaMask Support (@MetaMaskSupport) January 11, 2023
Recently, MetaMask issued a warning about a new crypto wallet address scam dubbed “Address Poisoning”, in which hackers take advantage of user carelessness to drain crypto tokens from the victim’s wallet address.
The digital wallet provider explained that the perpetrators “poison” transaction histories by sending tokens worth $0 to users’ wallets. Meanwhile, the hackers use a “vanity” address generator that churns out an address closely matching the victim’s wallet.
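A check a wallet user or support team could run over a transfer history to spot the pattern described above, as an added example that is not MetaMask's code. It assumes a "closely matching" address is one that shares the first and last four hex characters with an address the user trusts (their own wallet or a past recipient); all addresses and records are constructed sample data.

```python
# Added example: flag $0 token transfers from look-alike addresses.
# Assumption: "look-alike" = same first and last n hex characters as a
# trusted address, but not the same address. All data below is constructed.

def _norm(addr):
    """Lowercase an address and drop the 0x prefix so comparisons are stable."""
    addr = addr.strip().lower()
    return addr[2:] if addr.startswith("0x") else addr

def lookalike(a, b, n=4):
    """True if a and b are different addresses with matching ends."""
    a, b = _norm(a), _norm(b)
    return a != b and a[:n] == b[:n] and a[-n:] == b[-n:]

def flag_poisoning(history, trusted, n=4):
    """Return (tx id, suspicious address, imitated address) for every
    zero-value transfer whose counterparty imitates a trusted address."""
    findings = []
    for tx in history:
        if tx["value"] != 0:          # poisoning entries carry no value
            continue
        for party in (tx["from"], tx["to"]):
            for known in trusted:
                if lookalike(party, known, n):
                    findings.append((tx["id"], party, known))
    return findings

# Constructed 40-hex-character addresses.
MINE       = "0x" + "a1b2" + "0" * 32 + "c3d4"
PAYEE      = "0x" + "1111" + "2" * 32 + "9f9f"
FAKE_MINE  = "0x" + "a1b2" + "8" * 32 + "c3d4"   # imitates MINE
FAKE_PAYEE = "0x" + "1111" + "7" * 32 + "9f9f"   # imitates PAYEE
UNRELATED  = "0x" + "5e5e" + "3" * 32 + "0001"

TRUSTED = [MINE, PAYEE]
HISTORY = [
    {"id": "t1", "from": MINE,          "to": PAYEE, "value": 25},  # normal send
    {"id": "t2", "from": FAKE_MINE,     "to": MINE,  "value": 0},   # poisoned
    {"id": "t3", "from": UNRELATED,     "to": MINE,  "value": 0},   # no imitation
    {"id": "t4", "from": FAKE_PAYEE,    "to": MINE,  "value": 0},   # poisoned
    {"id": "t5", "from": PAYEE.upper(), "to": MINE,  "value": 0},   # same address
]

if __name__ == "__main__":
    for tx_id, fake, real in flag_poisoning(HISTORY, TRUSTED):
        print(f"{tx_id}: {fake} imitates {real}")
```

Flagged entries are addresses to avoid copying from the transaction history; comparing the full address, not only its ends, is what separates the real one from the imitation.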