Namecheap hacker sends unauthorized emails, prompting MetaMask to issue a fraud notice.

MetaMask, a popular cryptocurrency wallet provider, has alerted investors about persistent phishing attempts by criminals seeking to contact consumers via Namecheap’s third-party upstream email system. On the evening of February 12, web hosting provider Namecheap discovered the unlawful usage of one of its third-party services, which directly targeted MetaMask customers. The incident was described by Namecheap as an “email gateway malfunction.” MetaMask reminded its million followers in the proactive alert that it does not collect Know Your Customer (KYC) information and will never contact them through email to discuss account details.

The hacker’s phishing emails include a link to a phony MetaMask website that requests a secret recovery phrase “to keep your wallet secure.” The wallet provider warned investors to avoid disclosing seed phrases because it gives the hacker entire control of the user’s assets. NameCheap also stated that its services were not compromised and that no customer data was leaked as a result of this incident. Within two hours of receiving the initial notification, Namecheap confirmed that mail delivery had been restored and that all communications will now come from the official source.

MetaMask told its million users in the proactive notification that it does not collect Know Your Customer (KYC) information and will never contact customers through email to discuss account details. This was done to make users aware that the company does not perform KYC checks. The hacker’s phishing emails contain a link that, when clicked, redirects the recipient to a fraudulent MetaMask website that requires a confidential recovery phrase “to keep your money safe.”

Nonetheless, the main issue of unwanted email distribution is still being investigated. When dealing with MetaMask and Namecheap communications, investors should double-check website links, email addresses, and points of contact. Namecheap verified that they were able to stop the bogus emails and that they had contacted their upstream supplier to rectify the issue.

A hacker used Google Ads services to steal nonfungible tokens (NFTs) and cryptocurrencies from investors in January. NFT God lost “a life-changing amount” after downloading malicious software embedded in a Google advertisement by mistake. When the influencer used Google to download OBS, an open-source video streaming program, the incident occurred. However, he clicked on a link containing a sponsored advertisement rather than the genuine site, resulting in a loss of cash.