It's been going on for years. I've personally tried to report phishing scams to Namecheap and get the laziest action on it (for example, I report 30 domains, and only one gets taken down and the rest + the account stay active) or totally ignored altogether after one or two exchanges. This laziness in response despite their platform being abused this heavily suggests they don't want to give up the revenue they're getting from it. The CEO is incredibly defensive about it and suggests that the security theater is evidence that they actually want to do something, but it's been years and they're still heavily used. This is despite not being the cheapest out there, which suggests that scammers prefer it for other reasons.
