MetaMask account holders received phishing emails, relayed via Namecheap, that were technically legitimate.
These emails did not originate at Namecheap, however: the attackers used API keys linked to SendGrid, a third-party mailing application.
With these API keys, the attackers were able to fake these emails in a (technically) convincing way, bypassing the filters set by email providers and email applications.
Meanwhile, Namecheap shared the findings of its ongoing investigation in a message to its customer base:
We have evidence that the upstream system we use for sending emails (third-party) is involved in the mailing of unsolicited emails to our clients. As a result, some unauthorized emails might have been received by you.
We would like to assure you that Namecheap’s own systems were not breached, and your products, accounts, and personal information remain secure.
Please ignore such emails and do not click on any links.
We have stopped all the emails (that includes Auth codes delivery, Trusted Devices’ verification, and Password Reset emails, etc.) and contacted our upstream provider to resolve the issue. At the same time, we are also investigating the issue from our side.
We apologize for any inconvenience during this issue and thank you in advance for your patience and understanding.
Once we have any news from the responsible team, this post will be updated right away.
A similar incident took place a few days ago, involving the domain and services of dotDB.com.
In that incident, the hacker used SendGrid to mass-email the customer base of dotDB with “news” that it was supposedly shutting down. The company told us that a former employee was involved in the incident, but no further details were released.