Posted on February 13, 2023 at 4:36 PM
A phishing campaign might have targeted digital wallet service provider MetaMask. Web hosting company Namecheap detected that one of the third-party services it uses was being misused to send unauthorized emails. These emails were targeted at MetaMask users.
MetaMask warns of a phishing campaign
MetaMask is one of the largest crypto wallet service providers globally. The company has now sent a warning to investors saying that there was an ongoing phishing campaign targeting users to scam them. The scammers wanted to contact users using the Namecheap third-party upstream system for emails.
Namecheap noted that it detected malicious activity on February 12. The web hosting company said that one of the third-party services was misused to send unauthorized emails that targeted MetaMask users. Namecheap said that this incident was an “email gateway issue.”
MetaMask has issued an alert to its users urging them to remain proactive and ensure they do not fall victim to such attacks. The company reminded its clients that it does not require Know Your Customer (KYC) information. Moreover, it added that it never contacts customers using emails to discuss details of their accounts.
The phishing emails being sent by the attacker contained a link that led to a fake MetaMask website that required a secret recovery phrase for it to be accessed. The hacker tricked the user by informing them that the recovery phrase was needed to keep the wallet secure, but this was not the case.
The wallet provider has also urged investors not to share their seed phrases. The customers that fall for this trick and share the seed phrase with the hacker will give them complete control over their funds.
The statement from Namecheap said, “We have some evidence that the upstream system we use for sending emails is involved in the mailing of unsolicited emails to our clients. It was stopped immediately.” The company has also assured its customers that its systems were not breached during the hacking campaign and that no customer data was leaked.
Two hours after Namecheap announced the initial stage of the phishing campaign, the company announced that mail delivery had been restored. The company also said that all communication with the company would be done from the official communication source to prevent such breaches from happening again.
Nevertheless, the company is still investigating the main issue of unsolicited emails being sent to MetaMask users. Crypto investors using the digital wallet are being advised to monitor the website links, email addresses and points of contact when communicating with Namecheap and MetaMask.
Namecheap has confirmed that it managed to halt the attacker’s fraudulent emails. The company has also said that it reached out to the upstream provider and urged them to resolve the matter from their end and ensure that the threat actor cannot continue targeting users.
Phishing campaigns in the crypto sector
Phishing campaigns have been rampant in the cryptocurrency industry. Last month, a hacker used Google Ad services to steal non-fungible tokens (NFTs) and other digital assets from investors. One of the crypto investors affected by this hack was an NFT influencer, NFT Gold, who lost a significant amount of his digital assets after a phishing campaign.
The influencer said he lost his NFTs after accidentally downloading malicious software embedded within a Google advertisement. The hack happened after the influencer used the Google Search engine to download an open-source video streaming software. However, he ended up following a link within a sponsored ad, leading to the loss of funds.
This is not the first time phishing campaigns have targeted MetaMask. In April last year, MetaMask sent an alert to its iOS users warning them that the seeds of digital asset wallets were stored within Apple iCloud when the app data backup was active.
Despite the company issuing the warning, it appeared that some users had already been affected by the hacking campaign because at least one MetaMask user lost more than $655K worth of digital assets in a sophisticated phishing campaign. The victim received simultaneous messages urging him to reset his Apple account and calls from people purporting to be Apple support agents.
However, after following the prompts, the victim gave the hackers a six-digit verification code, which was later used to steal from his MetaMask wallet.