Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
The email account of domain name registrar Namecheap has been hacked and hackers are using the account to send phishing emails. According to a report by BleepingComputer, the phishing campaign originated from SendGrid, an email platform used by Namecheap to send marketing emails and renewal notifications. The phishing emails pretended to be from logistics provider DHL and cryptocurrency wallet MetaMask. The email posing as MetaMask stated that the recipient's account had been suspended and would need to complete a KYC verification process before it could be reactivated. The email also contained a Namecheap marketing link that redirected users to a fake MetaMask page that asked users to enter their seed phrase or private key, seeking to steal the recipient's personal information and cryptocurrency wallet assets. The official MetaMask response stated that MetaMask will not collect KYC information, nor will it send emails to users about their accounts. Attack method (per SlowMist): Phishing Attack. Reported loss: -.
- chain
- —
- protocol
- Namecheap
- bug_class
- private-key
- date_occurred
- 2023-02-12
- loss_usd
- —
- source_id
- sm:namecheap::2023-02-12