Hackers target domain registrar Namecheap for crypto phishing campaign

Domain name registrar Namecheap's email account was breached, resulting in a widespread phishing campaign aimed at stealing crypto from potentially thousands of its users.

The attack was traced back to SendGrid, the email platform used by Namecheap. Hackers utilized it to execute their phishing scheme. That account is now back under control.

“We have evidence that the upstream system we use for sending emails is involved in the mailing of unsolicited emails to our clients. It was stopped immediately,” Namecheap said.

After compromising Namecheap's SendGrid, the perpetrator sent fake emails on behalf of Namecheap to its users purporting to be from delivery firm DHL or crypto wallet MetaMask. The phishing email claiming to be from DHL appeared as a delivery fee invoice, while the MetaMask phishing email stated that KYC verification was necessary to avoid suspension of users' wallets.

If someone clicked the link in the email, they would be directed to a bogus page requesting their private key or secret recovery phrase, which the attackers could then use to steal the funds from their wallet.

In response to the attack, MetaMask released a statement warning its users to be wary of unsolicited emails claiming to be from the team. "If you got an email today from MetaMask or Namecheap or anyone else like this, ignore it & do not click its links!" the project noted.

Phishing is a type of cyber attack that aims to steal sensitive information such as credit card credentials or, in MetaMask's case, the seed phrase of crypto wallets. A phishing campaign is a coordinated effort by attackers to carry out multiple phishing attacks simultaneously, usually through the use of emails or fake websites. The emails or websites are designed to look legitimate and trick victims into entering their sensitive information. The information is then used for fraudulent activities, such as identity theft or unauthorized access to financial accounts.