The developers of the non-custodial crypto wallet MetaMask have warned users about phishing attacks conducted via a third-party email service.
⚠️MetaMask does not collect KYC info and will never email you about your account!
Do not enter your Secret Recovery Phrase on a website EVER.
If you got an email today from MetaMask or Namecheap or anyone else like this, ignore it & do not click its links!https://t.co/EP0HGZFOfo pic.twitter.com/4CDtne24OK— MetaMask 🦊💙 (@MetaMask) February 13, 2023
“MetaMask does not collect KYC-information and will never email you about your account! Never enter your Secret Recovery Phrase on a website. If you receive an email from MetaMask, Namecheap or anyone else, ignore it and do not click the link,” wrote the MetaMask team.
Namecheap, the email service provider, confirmed that malicious messages were sent through its service. According to the statement, the email systems were not breached and user data were not affected.
We have evidence that the upstream system we use for sending emails is involved in the mailing of unsolicited emails to our clients. It was stopped immediately.
— Namecheap.com (@Namecheap) February 13, 2023
The teams continue to investigate the incident and warn users to double-check links from MetaMask or Namecheap. The latter’s developers noted that they cannot yet prevent the sending of fraudulent emails. They have contacted their upstream provider to resolve the issue.
Hi, we have evidence that upstream system we use for sending emails is involved. Please ignore such emails and do not click on any links. Also, we have stopped the emails and contacted our upstream provider to resolve it: https://t.co/2xJ362KF0f
— Namecheap.com (@Namecheap) February 13, 2023
Earlier in February, the MetaMask team added an option in the application’s settings to switch the RPC-provider.