Etherscan, CoinGecko warn of ongoing MetaMask phishing attack

Popular crypto analytics platforms Etherscan and CoinGecko simultaneously issued warnings of ongoing phishing attacks on their platforms. The company launched an investigation into the attack after numerous users reported unusual MetaMask pop-ups asking users to connect their crypto wallets to their website.

According to information released by the analytics company, the latest phishing attacks attempt to gain access to users’ funds by asking them to integrate their crypto wallet via MetaMask when they access an official website.

Etherscan also revealed that attackers displayed phishing pop-ups through third-party integrations and advised investors not to confirm transactions requested by MetaMask.

Crypto Twitter member @Noedel19 pointed out the possible cause of the attack and linked the ongoing phishing attack to the compromise of advertising and marketing agency Coinzilla, saying, “All websites that use Coinzilla advertising will It is damaged,” he said.

CoinZilla source code compromised by phishing links. Source: @Noedel19

The screenshot shared below shows an automatic popup from MetaMask requesting to link to a link that was misrepresented as a Non-Fungible Token (NFT) offer by Bored Ape Yacht Club (BAYC).

16dfdb3c 2a76 4a9e 91de 36f1589576f0
CoinGecko website showing fake MetaMask popup. Source: @Noedel19

On May 4, Cointelegraph warned readers about the rise in Ape-themed airdrop phishing scams, further reinforced by the latest alerts released by Etherscan and CoinGecko.

Although an official confirmation from Coinzilla is still ongoing, @Noedel19 suspects that Coinzilla and any company that has an ad integration is at risk of a similar attack that displays a MetaMask integration popup to users.

As a primary means of damage control, Etherscan has disabled compromised third-party integrations on its website.

Coinzilla has not yet responded to Cointelegraph’s request for comment.

Relevant: Bored Ape Yacht Club NFT Stolen In Instagram Phishing Attack

The team behind BAYC has recently warned investors of an attack after it was revealed that hackers had compromised an official Instagram account.

According to Cointelegraph on April 25, hackers were able to gain access to BAYC’s official Instagram account. The hacker then contacted BAYC’s Instagram followers and shared a fake airdrop link.

Users who linked their MetaMask wallets to scam websites later exhausted their Ape NFTs. unconfirmed report Propose About 100 NFTs were stolen during the phishing attack.

Leave a Comment