Hackers target domain registrar Namecheap for crypto phishing campaign

Quick Take

  • Namecheap’s email account with SendGrid was compromised and used to execute a phishing campaign posing as DHL and MetaMask.
  • MetaMask warned its users to be wary of unsolicited emails claiming to be from the team and advised them not to click on any links.

Domain name registrar Namecheap's email account was breached, resulting in a widespread phishing campaign aimed at stealing crypto from potentially thousands of its users.

The attack was traced back to SendGrid, the email platform used by Namecheap. Hackers utilized it to execute their phishing scheme. That account is now back under control.

“We have evidence that the upstream system we use for sending emails is involved in the mailing of unsolicited emails to our clients. It was stopped immediately,” Namecheap said.

After compromising Namecheap's SendGrid, the perpetrator sent fake emails on behalf of Namecheap to its users purporting to be from delivery firm DHL or crypto wallet MetaMask. The phishing email claiming to be from DHL appeared as a delivery fee invoice, while the MetaMask phishing email stated that KYC verification was necessary to avoid suspension of users' wallets.

If someone clicked the link in the email, they would be directed to a bogus page requesting their private key or secret recovery phrase, which the attackers could then use to steal the funds from their wallet.

In response to the attack, MetaMask released a statement warning its users to be wary of unsolicited emails claiming to be from the team. "If you got an email today from MetaMask or Namecheap or anyone else like this, ignore it & do not click its links!" the project noted.

Phishing is a type of cyber attack that aims to steal sensitive information such as credit card credentials or, in MetaMask's case, the seed phrase of crypto wallets. A phishing campaign is a coordinated effort by attackers to carry out multiple phishing attacks simultaneously, usually through the use of emails or fake websites. The emails or websites are designed to look legitimate and trick victims into entering their sensitive information. The information is then used for fraudulent activities, such as identity theft or unauthorized access to financial accounts.


© 2024 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

About Author

Vishal Chawla is The Block’s Crypto Ecosystems Editor and has spent over seven years covering tech protocols, cybersecurity, artificial intelligence and cloud computing. Vishal can be reached on Twitter at @vishal4c and via email at [email protected]

Editor

To contact the editor of this story:
Tim Copeland at
[email protected]