en
Back to the list

BEWARE: Etherscan and CoinGeckotw, have issued alerts about an ongoing phishing attack 

source-logo  thecoinrepublic.com 16 May 2022 16:30, UTC

While investigations are ongoing, the continuous attack on several crypto platforms could be linked to the hacking of Coinzilla, a digital marketing and advertising firm.

Etherscan and CoinGecko, two popular crypto analytics platforms, have both issued alerts about an ongoing phishing attack on their platforms. 

Phishing attack tries to gain access to users’ funds by-

According to the data provided by the analytics firms, the latest phishing attack tries to gain access to users’ funds by requesting that they integrate their crypto wallets via MetaMask once they visit the official websites.

After numerous users reported unusual MetaMask pop-ups urging them to connect their crypto wallets to the website, the companies began investigating the attack.

Etherscan also disclosed that the attackers used third-party integration to display phishing pop-ups, and warned investors to avoid confirming any transactions requested by MetaMask.

“Any website that uses Coinzilla Ads is affected,” Crypto Twitter user @Noedel19 said, linking the ongoing phishing attacks to the Coinzilla, an advertising and marketing provider, breach.

The screenshots below demonstrate an automated pop-up from MetaMask urging you to connect with a link that falsely claims to be a non-fungible token (NFT) offering from Bored Ape Yacht Club (BAYC).

Crypto is still Vulnerable to phishing attacks

While official confirmation from Coinzilla is still pending, @Noedel19 believes that all organizations with Coinzilla ad integration are still vulnerable to similar assaults in which their users are blasted with pop-ups requesting MetaMask integration.

Etherscan has stopped the compromised third-party integration on its website as a key strategy of hardness values.

Coinzilla informed a platform within hours of the above development that the problem had been detected and fixed, and that the services had not been compromised:

“Our automatic security checks were able to pass a single ad with malicious code. Our team stopped it and locked the account after it ran for less than an hour.”

On April 25, the crypto-based platform claimed that hackers had gained access to BAYC’s official Instagram account. The hackers then emailed BAYC’s Instagram followers with fake airdrop URLs.

Users who connected their MetaMask wallets to the scam website had their Ape NFTs depleted. According to unconfirmed reports, the phishing attack resulted in the theft of approximately 100 NFTs.

ALSO READ: Be Cautious LUNA and UST Investors If You Don’t Want To Get Coaxed In A Fraud 

thecoinrepublic.com