Hackers exploit Namecheap email system in phishing campaign

Hackers gained access to the Namecheap email system and used it to send MetaMask and DHL phishing emails aimed at customers’ personal and crypto wallet information.

Namecheap confirmed its upstream email system had been hacked in a status update and warned customers of an ongoing phishing campaign. Because they were sent from Namecheap’s account, the emails appeared to be legitimate.

The domain registrar, which has been praised for recent security improvements, stated that its own systems were not compromised and that no products, accounts, or personal information were affected.

After receiving complaints on Twitter, Namecheap CEO Richard Kirkendall confirmed that the account had been compromised and that email through SendGrid had been disabled while they investigated the problem. Kirkendall also stated that they believe the breach is related to a December CloudSek report about Mailgun, MailChimp, and SendGrid API keys being exposed in mobile apps.

This campaign’s phishing emails impersonate either DHL or MetaMask. The DHL phishing email appears to be a bill for a delivery fee required to complete a package delivery. The embedded links take the target to a phishing page that attempts to steal the target’s information.

While The MetaMask phishing emails included a link ( that redirected the victims to a phishing page requesting the victims’ “Secret Recovery Phrase” or “Private key” that hackers could use to take over their wallets. They also impersonated MetaMask, a self-hosted wallet provider, and asked victims to complete the KYC (Know Your Customer) verification process in order to keep access to their crypto wallets.

The sources for this piece include an article in CPOMAGAZINE.

IT World Canada Staff
IT World Canada Staff
The online resource for Canadian Information Technology professionals.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

ITW in your inbox

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

More Best of The Web