Malicious actors attempt to scam crypto wallet MetaMask users.
MetaMask, a software cryptocurrency wallet established in 2016 by ConsenSys, has warned its investors about a phishing attack.
According to the tweet shared by web hosting firm Namecheap, malicious actors used the company's third-party upstream system to contact MetaMask clients.
Did you know?
Want to get smarter & wealthier with crypto?
Subscribe - We publish new crypto explainer videos every week!
What is Fantom? | Animated FTM Explainer
Namecheap revealed that it noticed suspicious activity, which the firm later called an “email gateway issue,” on the evening of February 12th. The hackers allegedly sent unauthorized emails directly to MetaMask users.
The news portal BleepingComputer shared a detailed analysis revealing that phishing emails asked users to complete Know Your Customer (KYC) verification to prevent the wallet from allegedly being suspended.
On top of that, the email contained a link directing users to a phishing page that imitates MetaMask. On the page, users were asked to enter their “Secret Recovery Phrase” or “Private key.”
The BleepingComputer noted that once users provide the required information, "the threat actors can use them to import the wallet to their own devices and steal all the funds and assets."
In response to the news, MetaMask used Twitter to warn over a million of its Twitter followers about the email scams. The company highlighted that it does not collect KYC information and would never send emails to investors about their accounts.
On top of that, the company stressed that users who received suspicious emails imitating MetaMask or Namecheap should ignore and delete them.
It is worth noting that a few hours after the initial warning, Namecheap revealed that the mail delivery had been restored. However, the company highlighted that it will continue to investigate the issue.
It is not the first time MetaMask had problems with phishing emails. In August 2022, blockchain security firm Halborn warned MetaMask users about a phishing scheme that attempts to trick crypto wallet users into giving out their passwords.