MetaMask warned its users not to reveal secret recovery phrases after a compromise of Namecheap’s email providers.
Crypto users are the favorite targets of hackers due to the sheer amount of funds locked with services. In 2022, hackers stole over $3 billion worth of crypto through various means, including phishing attacks.
Crypto phishing is when bad actors trick users into giving away access to their assets through Secret Recovery Phrase or other sensitive information.
Since Sunday, some users have received emails from METAMASK redirecting to a phishing website asking for their Secret Recovery Phrase.
??MetaMask does not collect KYC info and will never email you about your account!
Do not enter your Secret Recovery Phrase on a website EVER.
If you got an email today from MetaMask or Namecheap or anyone else like this, ignore it & do not click its links!https://t.co/EP0HGZFOfopic.twitter.com/4CDtne24OK
— MetaMask ???? (@MetaMask) February 13, 2023
MetaMask Users Once Again the Target of Hackers
As users have direct custody of their assets, it becomes easier for hackers to steal from not-so-tech-savvy holders. Scammers have time and again used illicit services like Monkey Drainer contracts to extract the assets out of users’ wallets once they connect them to phishing websites.
This time hackers targeted the mailing service provider Namecheap by sending unsolicited emails. Namecheap is a domain name registrar and web hosting company.
Users received emails asking to verify Know Your Customer (KYC) requirements. The emails redirected users to phishing websites, which later asked users to enter their Secret Recovery Phrase.
MetaMask that they do not collect KYC information from their users and will never email asking for it.
Due to multiple phishing attempts in the past, MetaMask recently added an optional phishing detection alert feature. With this feature, users get a warning when they connect their wallet to a phishing website.
A MetaMask spokesperson told BeInCrypto: “We have various anti-phishing initiatives: One of them is actively blocking users from interacting with known malicious domains. MetaMask manages this list, and many contributors from the ecosystem are pushing updates to this list. Since the inception of this initiative, we have had 11,512 pull requests to block 33,478 domains from 100 different contributors.”
Got something to say about MetaMask phishing attacks or anything else? Write to us or join the discussion on our Telegram channel. You can also catch us on FacebookTwitter
