MetaMask has issued a warning about a new phishing method via email, asking users to do KYC again on a fake website and steal assets.
The scam appeared on February 12 and was quickly warned because of the high risk. Accordingly, some MetaMask users said they received an email informing them that their accounts were about to be locked and needed to perform KYC again, at the end of the email attached a link to a “fake” MetaMask website.
It is worth noting that the emails all use the Namecheap domain name instead of MetaMask’s business email, and this is the first sign of a scam. However, if anyone is not observant, they can still fall into the trap and click on the link.
Next, at the fake website, the user is asked to re-enter his recovery key phrase (Secret Recovery Phrase). After the user provides the key, the hacker will quickly import the wallet on their device, and eventually steal all the assets in the wallet.
MetaMask yesterday (February 13) issued a warning on Twitter as follows:
⚠️MetaMask does not collect KYC info and will never email you about your account!
Do not enter your Secret Recovery Phrase on a website EVER.
If you got an email today from MetaMask or Namecheap or anyone else like this, ignore it & do not click its links!https://t.co/EP0HGZFOfo pic.twitter.com/4CDtne24OK
— MetaMask (@MetaMask) February 13, 2023
“MetaMask does not collect KYC information and will never send such emails.
NEVER enter your recovery key on an unknown website.
If you get an email today from MetaMask or Namecheap or anywhere else like this, ignore it and don’t click the affiliate link!”
Due to a lot of experience in trying to prevent scams in the past (recently appearing in the form of “poisoning wallet addresses”), MetaMask has added a phishing detection alert feature. With this feature, users will receive a warning when linking the wallet to a phishing site.
A representative of MetaMask told the media:
“We have various anti-phishing initiatives in place such as warning users to interact with known malicious websites. MetaMask manages this list and many contributors from the ecosystem are pushing to update this list. Since the start of the initiative, we have had 11,512 requests to block 33,478 domains from 100 different contributors.”
At a related development, the domain name company Namecheap on the evening of February 12 also had its email account compromised, causing countless emails to be sent with fraudulent purposes. In addition to MetaMask, DHL delivery was also targeted, with emails asking buyers to pay an additional fee to complete the order.
According to a report from Immunefithe crypto industry in 2022 has seen loss of nearly 4 billion USD by various forms of fraud. With the majority coming from hacking/exploit accounting for 95.6%, while rug pull or phishing attacks account for 4.4%.