MetaMask warned investors against ongoing phishing attempts by scammers attempting to contact users through Namecheap’s third-party upstream system for emails.
On the evening of Feb. 12, web hosting company Namecheap detected the misuse of one of its third-party services for sending some unauthorized emails , which directly targeted MetaMask users. Namecheap described the incident as an email gateway issue.
In the proactive alert, MetaMask reminded its million followers that it does not collect Know Your Customer information and will never reach out over an email to discuss account details.
The phishing emails sent by the hacker contain a link that opens a fake MetaMask website requesting a secret recovery phrase to keep your wallet secure.
The wallet provider advised investors to refrain from sharing seed phrases, as it hands complete control of the user’s funds to the hacker.
NameCheap further confirmed that its services were not breached and that no customer data was leaked in this incident. Within two hours of the initial intimation, Namecheap confirmed that its mail delivery was restored and that all communications would now be from the official source.
However, the main issue related to the mailing of unsolicited emails is still under investigation. Investors are advised to recheck website links, email addresses and points of contact when dealing with communications from MetaMask and Namecheap.