Etherscan, CoinGecko warn against ongoing MetaMask phishing attacks

Popular crypto analytics platforms Etherscan and CoinGecko have parallelly issued an alert against an ongoing phishing attack on their platforms. The firms began investigating the attack after numerous users reported unusual MetaMask pop-ups prompting users to connect their crypto wallets to the website. 

Based on the information disclosed by the analytics firms, the latest phishing attack attempts to gain access to users’ funds by requesting to integrate their crypto wallets via MetaMask once they access the official websites.

Etherscan further revealed that the attackers have managed to display phishing pop-ups via third-party integration and advised investors to refrain from confirming any transactions requested by MetaMask.

Pointing toward the possible cause of the attack, @Noedel19, a member of Crypto Twitter, connected the ongoing phishing attacks to the compromise of Coinzilla, an advertising and marketing agency, stating that “Any website that makes use of Coinzilla Ads are compromised.”

Compromised CoinZilla source code with phishing link. Source: @Noedel19

The screenshots shared below show the automated pop-up from MetaMask asking to connect with the link falsely portraying as Bored Ape Yacht Club’s (BAYC) non-fungible token (NFT) offering.

CoinGecko website showing fake MetaMask pop-up. Source: @Noedel19

On May 4, Cointelegraph further warned readers about the rise in Ape-themed airdrop phishing scams, which is further cemented by the latest warnings issued by Etherscan and CoinGecko.

While an official confirmation from Coinzilla is still underway, @Noedel19 suspects that all companies that have ad integration with Coinzilla remain at risk of similar attacks wherein their users get pop-ups for MetaMask integration.

As a primary means of damage control, Etherscan has disabled the compromised third-party integration on its website.

Coinzilla has not yet responded to Cointelegraph’s request for comment.

Related: Bored Ape Yacht Club NFTs stolen in Instagram phishing attack

The team behind BAYC recently warned investors about an attack after hackers were found to breach their official Instagram account.

As Cointelegraph reported on April 25, hackers were able to gain access to BAYC’s official Instagram account. The hackers then contacted BAYC’s Instagram followers and shared links to fake airdrops. 

Users who connected their MetaMask wallets to the scam website were subsequently drained of their Ape NFTs. Unconfirmed reports suggest that approximately 100 NFTs were stolen during the phishing attack.

All Dutch and English crypto news!

Vitalik Buterin wants rollups to hit stage 1 decentralization by year-end

Ethereum network standards should increase when considering layer-2 scaling solutions, suggested Ethereum co-founder Vitalik Buterin. News Own this piece of crypto history Collect this article as NFT Join us...

MicroStrategy is trading at an ‘unjustifiable premium’ to Bitcoin: Analyst

Kerrisdale Capital claims MicroStrategy’ is no longer a “unique way to gain access to Bitcoin” but Michael Saylor has long argued his firm will remain...

Mystery malware targets Call of Duty cheaters, stealing their Bitcoin

Malware database vx-underground has warned of a new info-stealing malware in cyberspace that is targeting video gamers, especially those who use cheating software. News Own this piece...

Prisma Finance $11.6M hacker claims it was a ‘whitehat rescue’

The hacker’s on-chain message came approximately six hours after the hack occurred. However, blockchain security firms noted the hacker had also started swapping the stolen...

Beste exchanges

Koop je crypto bij Bitvavo