Renowned crypto wallet provider, MetaMask has notified its community about a phishing attempts by hackers desperately seeking to exploit users’ assets. The crypto wallet firm gave the notification in its Monday Twitter post. Through the post, MetaMask warned its users to be wary of such phishing efforts so as not to become vulnerable.
Notably, the scammers planned to leverage on the third-party upstream system of NameCheap. Recall that on Sunday, the web hosting company suspected the misuse of one of its third-party services to send some phishing mails. NameCheap identified the incident as an “email gateway issue.” Now, MetaMask said there are indications that the phishing mails are directly targeted at its users.
Occasioned by this development, the crypto wallet asked its users not to release their know-your-customer (KYC) information to any party disguising to be from the firm. According to Metamask, it does not not collect or ask for know-your-customer (KYC) information. Also, the firm said it does not contact users through emails to discuss account details.
More so, MetaMask advised its users not to surrender their seed phrases to anyone. According to the crypto wallet, surrendering such personal information enables the hacker to take complete control of their funds.
Link to fake MetaMask website present in the Phishing mail – NameCheap
According to NameCheap, the phishing mail issued by the hacker comes with a link. The link, as revealed, enables access to a fake MetaMask website, tailored to request for users’ secret recovery phase to keep their accounts safe. The web hosting firm further confirmed that the exploitation of its gateway did not breach any of its services. Also, it affirmed that the data of its customers were not leaked or impacted by the incident. Shortly after, NameCheap came on board to notify the community of the recovery of its mail delivery. It also confirmed that all communications would henceforth be from the official source.
Meanwhile, both Metamask and NameCheap want to work together to investigate the attempted breach. This thus helps to expose the circumstances that paved way for the hacker to attempt such phishing mails. However, the crypto wallet provider advised users to always check website links, email addresses very well before falling to it. This, as revealed, helps them to discern the genuineness of the mails.
It is noteworthy that the crypto and NFT sphere have, over time, been engulfed with numerous exploitations. In January 2023, an hacker leveraged on Google Ad services to steal nonfungible tokens (NFTs) and cryptocurrencies from users. Also in February, renowned crypto lending platform, Bonq suffered a $120 million exploitation on its network. Still the same month, Shredded Apes, a NFT collection protocol endured the same breach which resulted into the loss of $15,589 on its main wallet. These thus indicate the prevalence of exploitations in the industry.