MetaMask warns of phishing scam: no KYC check required

by Patricia

As a phishing campaign spreads via email, MetaMask has alerted its users to a scam that demands KYC verification. The goal is to steal investors’ private keys.

Scam emails call for KYC verification on MetaMask

The Twitter account of cryptocurrency wallet MetaMask has alerted its users to a phishing campaign running rampant in recent days, calling for a Know Your Customer (KYC) check to continue using the application.

Such emails are obviously scams whose sole purpose is to obtain investors’ private keys in order to steal their funds. Here, KYC is only a pretext: the would-be victim is asked to enter the seed phrase used to set up their MetaMask wallet, which allows the hackers to take control of the addresses attached to it.

As the example below shows, these emails are often constructed to create a sense of urgency. With a dose of inattention or gullibility, the victim is tricked without taking the time to think about the situation rationally:

Example of a fraudulent email posing as MetaMask


It is important to note that it is not necessary to perform a KYC check to use MetaMask. Indeed, such a requirement would be a big deal in the ecosystem, and it goes without saying that if it ever happens, we will relay it as soon as possible.

The source of this phishing campaign

The source of this phishing campaign is not MetaMask, which is not a victim of any vulnerability or breach. Rather, Namecheap, one of the third parties it works with, is behind this campaign:

“We have evidence that the upstream system we use to send emails is involved in sending unsolicited emails to our customers. As a result, you may have received some unauthorised emails.”

Namecheap is a domain name provider (DNS), and its customers therefore include players from the cryptocurrency ecosystem. It is thus likely that this is how the hackers harvested a database of crypto investors to conduct their attack.

However, this is not the first time Namecheap has been implicated in a breach that could result in a loss of cryptocurrencies. In the summer of 2022, a DNS attack affected several decentralised finance (DeFi) protocols, attempting to redirect users’ funds to fraudulent smart contracts.

If you think you have been a victim of such a fraud by having entered your recovery phrase in the wrong place, the wisest decision would be to migrate your funds to a wallet created with a different private key before it is too late, and not to use the affected address again.
