While a phishing campaign is spreading through email, MetaMask has alerted its users about this scam that asks to perform a KYC verification. The objective here is to steal investors’ private keys.
Fraudulent emails call for KYC verification on MetaMask
The Cryptocurrency Wallet Twitter Account MetaMask alerted its users to a phishing campaign rampant in recent days, calling for a Know Your Customer (KYC) verification to continue using the application:
⚠️MetaMask does not collect KYC info and will never email you about your account!
Do not enter your Secret Recovery Phrase on a website EVER.
If you got an email today from MetaMask or Namecheap or anyone else like this, ignore it & do not click its links!https://t.co/EP0HGZFOfo pic.twitter.com/4CDtne24OK
— MetaMask 🦊💙 (@MetaMask) February 13, 2023
Such emails are obviously scams, including the only objective is to steal investors’ private keys in order to steal their funds. Here, the KYC is only a motive, because the future victim will have to enter his seed phrase necessary for the configuration of his MetaMask wallet, which will allow hackers to take control of the addresses attached to it.
As the example below shows, such emails will often be constructed to give a sense of urgency. Thus, with a dose of inattention or credulity, the victim lets himself be trapped without taking the time to think about the situation rationally:
Example of a fraudulent email pretending to be MetaMask
It is important to point out that it is in no way necessary to perform a KYC verification to use MetaMask. In effect, such an imperative would cause a stir in the ecosystemand it goes without saying that if it happens one day, we will relay it as soon as possible.
👉 To go further – Find our guide on best practices to limit the risk of hack
The best way to secure your cryptocurrencies 🔒
🔥 The world leader in crypto security
👉 Listen to this article and all other crypto news on Spotify
The source of this phishing campaign
The source of this phishing campaign is foreign to MetaMask, which is not the victim of any flaw. It is actually look at Namecheapone of the third parties that this company works with is behind this campaign:
“We have evidence that the upstream system we use for sending emails is involved in sending unsolicited emails to our customers. Therefore, you might have received some unauthorized emails. »
Namecheap is a domain name provider (DNS) and therefore includes customers from the cryptocurrency ecosystem. It is therefore likely that this is the way hackers have harvested a database of crypto investors to carry out their attack.
However, this is not the first time that Namecheap has been involved in a failure that could lead to the loss of cryptocurrencies. In the summer of 2022, a DNS attack affected several decentralized finance (DeFi) protocols, attempting to redirect user funds to fraudulent smart contracts.
If you think you’ve been the victim of such a fraud by entering your recovery phrase in the wrong place, the wisest course of action would be to migrate your funds to a wallet created with a different private key before it’s too late, and stop using the address concerned.
👉 Read also – North Korea stole more than $1 billion in cryptocurrencies in 2022
🎁 Cryptoast Research Launch Offer
1st Newsletter Free with the code TOASTNL
Receive a summary of crypto news every Monday by email 👌
What you need to know about affiliate links. This page presents assets, products or services relating to investments. Some links in this article are affiliated. This means that if you buy a product or register on a site from this article, our partner pays us a commission. This allows us to continue to offer you original and useful content. There is no impact on you and you can even get a bonus by using our links.
Investments in cryptocurrencies are risky. Cryptoast is not responsible for the quality of the products or services presented on this page and could not be held responsible, directly or indirectly, for any damage or loss caused following the use of a good or service highlighted in this article. Investments related to crypto-assets are risky by nature, readers should do their own research before taking any action and only invest within the limits of their financial capabilities. This article does not constitute investment advice.
AMF recommendations. There is no guaranteed high return, a product with high return potential involves high risk. This risk-taking must be in line with your project, your investment horizon and your ability to lose part of this savings. Do not invest if you are not ready to lose all or part of your capital.
To go further, read our Financial Situation, Media Transparency and Legal Notices pages.