MetaMask warned its users not to reveal secret recovery phrases after a compromise of Namecheap’s email providers.
Crypto users are the favorite targets of hackers due to the sheer amount of funds locked with DeFi services. In 2022, hackers stole over $3 billion worth of crypto through various means, including phishing attacks.
Crypto phishing is when bad actors trick users into giving away access to their assets through Secret Recovery Phrase or other sensitive information.
Since Sunday, some users have received emails from MetaMask redirecting to a phishing website asking for their Secret Recovery Phrase.
As users have direct custody of their assets, it becomes easier for hackers to steal from not-so-tech-savvy wallet holders. Scammers have time and again used illicit services like Monkey Drainer contracts to extract the assets out of users’ wallets once they connect them to phishing websites.
This time hackers targeted the mailing service provider Namecheap by sending unsolicited emails. Namecheap is a domain name registrar and web hosting company.
Users received emails asking to verify Know Your Customer (KYC) requirements. The emails redirected users to phishing websites, which later asked users to enter their Secret Recovery Phrase.
MetaMask warned that they do not collect KYC information from their users and will never email asking for it.
Due to multiple phishing attempts in the past, MetaMask recently added an optional phishing detection alert feature. With this feature, users get a warning when they connect their wallet to a phishing website.
BeInCrypto is awaiting a response from MetaMask regarding the recent phishing incident.
BeInCrypto has reached out to company or individual involved in the story to get an official statement about the recent developments, but it has yet to hear back.