Namecheap’s email account was breached on Sunday evening and used to send phishing emails to Namecheap customers in an attempt to steal sensitive information.

The unknown threat actor used DHL and MetaMask themes to harvest customers’ cryptocurrency wallet keys and other important information. Namecheap disabled the compromised email account and said it was investigating the incident.

Exploiting Namecheap’s Email Account

Since yesterday, several Namecheap users have complained about receiving suspicious emails from the service asking for sensitive details. This was later confirmed to be a hacking incident, as Namecheap CEO Richard Kirkendall said in a tweet.

People noted that the suspicious emails were being sent through the SendGrid network, an email delivery service Namecheap uses to send transactional and marketing emails to its customers. The hackers who breached Namecheap’s email account used this channel to send phishing emails to its customers asking for sensitive data.

Most reported seeing either DHL- or MetaMask-themed emails. The DHL lure asks users to fill in important information under the pretext of a delivery fee for a package, while the MetaMask lure asks for their cryptocurrency wallet private key.

The MetaMask lure claims that a pending KYC (Know Your Customer) verification must be completed to prevent the wallet from being suspended. The suspicious email contains a marketing link from Namecheap (https://links.namecheap.com/) that redirects the user to a phishing page pretending to be MetaMask. Once the user arrives, the page asks them to enter their ‘Secret Recovery Phrase’ or ‘Private key’ to process the request.
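The abuse pattern above, a trusted vendor tracking link that redirects to an off-brand page harvesting a seed phrase, can be screened for on the receiving side. The following is an added detection example, not code from the original article or from Namecheap or SendGrid; the sample message, the sender address, the tracking token, the landing host and the redirect map standing in for a sandboxed redirect resolver are all constructed placeholders.

```python
import re
from email import message_from_string
from urllib.parse import urlparse

# Constructed sample shaped like the campaign described above: a message from the
# vendor's own mail pipeline whose tracking link bounces to a wallet look-alike.
# Sender address, token and landing host are placeholders, not real indicators.
SAMPLE_EMAIL = """\
From: Namecheap <no-reply@namecheap.com>
To: customer@example.test
Subject: MetaMask KYC verification required
Content-Type: text/html

<p>Complete KYC verification or your wallet will be suspended.</p>
<a href="https://links.namecheap.com/track?u=abc123">Verify now</a>
"""

# Constructed stand-in for a sandboxed redirect resolver: tracking URL -> landing URL.
REDIRECT_MAP = {
    "https://links.namecheap.com/track?u=abc123": "https://wallet-kyc.example.test/recover",
}

TRUSTED_HOSTS = ("namecheap.com",)  # where a vendor tracking link should legitimately land
LURE_TERMS = ("secret recovery phrase", "private key", "kyc", "suspended")
HREF_RE = re.compile(r'href="([^"]+)"', re.IGNORECASE)

def is_trusted(host):
    """True if host is the vendor domain or one of its subdomains."""
    return any(host == h or host.endswith("." + h) for h in TRUSTED_HOSTS)

def body_text(msg):
    """Concatenate the decoded text parts of a parsed message (multipart-aware)."""
    parts = msg.walk() if msg.is_multipart() else [msg]
    return "\n".join(p.get_payload(decode=True).decode("utf-8", "replace")
                     for p in parts if p.get_content_maintype() == "text")

def flag_tracking_redirects(raw_email, redirect_map=REDIRECT_MAP):
    """Flag vendor tracking links that land off-brand, plus wallet-credential lures."""
    body = body_text(message_from_string(raw_email))
    offbrand = []
    for url in HREF_RE.findall(body):
        if not is_trusted(urlparse(url).hostname or ""):
            continue  # not a vendor link; other checks would cover it
        landing = redirect_map.get(url, url)  # unresolved links are assumed to stay put
        if not is_trusted(urlparse(landing).hostname or ""):
            offbrand.append((url, landing))
    lures = [t for t in LURE_TERMS if t in body.lower()]
    return {"offbrand_links": offbrand, "lures": lures, "suspicious": bool(offbrand and lures)}
```

In production the redirect map would be replaced by a resolver that follows the tracking link in an isolated environment and records the final landing host.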

Kirkendall said they believe the breach may be related to December’s CloudSek report, which found API keys for Mailgun, MailChimp, and SendGrid exposed in mobile apps. However, when asked by BleepingComputer, Twilio (the parent company of SendGrid) denied this possibility and stated that the breach was not the result of any hack. Instead, they encouraged users to enable multiple security measures, such as 2FA and IP address-based access restrictions, to keep their accounts safe.
