Crypto wallet holders were targeted this weekend when domain registrar Namecheap was hacked, allowing scammers to send out a raft of phishing emails impersonating MetaMask and DHL, reports BleepingComputer.
Namecheap’s email system was breached on Sunday and messages attempting to steal personal details and crypto wallets were fired out via the company’s email platform SendGrid. This is the email system used by Namecheap to deliver its renewal notices and marketing emails.
The breach was discovered when users flagged the emails on Twitter. According to would-be victims, the messages either claimed to be a bill for a DHL delivery or a MetaMask know-your-customer (KYC) verification email. The MetaMask email read:
“We are writing to inform you that in order to continue using our wallet service, it is important to obtain KYC (Know Your Customer) verification. KYC verification helps us to ensure that we are providing our services to legitimate customers.
“By completing KYC verification, you will be able to securely store, withdraw, and transfer funds without any interruptions. It also helps us to protect you against financial fraud and other security threats.
“We urge you to complete KYC verification as soon as possible to avoid suspension of your wallet.” (via BleepingComputer)
The message also included a link to a phishing page requesting that the user enter their private keys.
Confusion still surrounds the source of the Namecheap breach
In the wake of the attack, Namecheap moved to deny that its systems had been compromised, instead claiming that the problem was an “upstream” issue affecting its email platform.
It hasn’t explicitly confirmed that SendGrid is the provider in question; however, it has confirmed using the system in the past, and its name appeared in the emails’ headers.
Confusingly, SendGrid denied that the attack originated from a breach of its systems.
Namecheap subsequently ceased all emails and eventually got its services back online later the same day.