Bitcoin btc
$ usd

MetaMask Cautions Vigilance After Latest Phishing Scam

2 mins
Updated by Geraint Price
Join our Trading Community on Telegram

In Brief

  • MetaMask users have received phishing emails asking pretending to verify the KYC details.
  • This was due to a compromise in Namecheap’s email service providers.
  • The wallet recently added a phishing detection alert feature.
  • promo

MetaMask warned its users not to reveal secret recovery phrases after a compromise of Namecheap’s email providers.

Crypto users are the favorite targets of hackers due to the sheer amount of funds locked with DeFi services. In 2022, hackers stole over $3 billion worth of crypto through various means, including phishing attacks.

Crypto phishing is when bad actors trick users into giving away access to their assets through Secret Recovery Phrase or other sensitive information.

Since Sunday, some users have received emails from MetaMask redirecting to a phishing website asking for their Secret Recovery Phrase.

MetaMask Users Once Again the Target of Hackers

As users have direct custody of their assets, it becomes easier for hackers to steal from not-so-tech-savvy wallet holders. Scammers have time and again used illicit services like Monkey Drainer contracts to extract the assets out of users’ wallets once they connect them to phishing websites.

This time hackers targeted the mailing service provider Namecheap by sending unsolicited emails. Namecheap is a domain name registrar and web hosting company.

Users received emails asking to verify Know Your Customer (KYC) requirements. The emails redirected users to phishing websites, which later asked users to enter their Secret Recovery Phrase.

MetaMask phishing email
Source: BleepingComputer

MetaMask warned that they do not collect KYC information from their users and will never email asking for it.

Due to multiple phishing attempts in the past, MetaMask recently added an optional phishing detection alert feature. With this feature, users get a warning when they connect their wallet to a phishing website.

A MetaMask spokesperson told BeInCrypto: “We have various anti-phishing initiatives: One of them is actively blocking users from interacting with known malicious domains. MetaMask manages this list, and many contributors from the ecosystem are pushing updates to this list. Since the inception of this initiative, we have had 11,512 pull requests to block 33,478 domains from 100 different contributors.”

Got something to say about MetaMask phishing attacks or anything else? Write to us or join the discussion on our Telegram channel. You can also catch us on TikTok, Facebook, or Twitter.

For BeInCrypto’s latest Bitcoin (BTC) analysis, click here.


In adherence to the Trust Project guidelines, BeInCrypto is committed to unbiased, transparent reporting. This news article aims to provide accurate, timely information. However, readers are advised to verify facts independently and consult with a professional before making any decisions based on this content.

Harsh Notariya
Harsh started investing in crypto during the 2021 bull market. He took the opportunity of the market crash in May to learn more about Bitcoin and blockchain technology. Since...