Phishing attack pop-up targets MetaMask users visiting popular crypto sites


As if this week weren’t bad enough for many cryptocurrency owners, with stablecoins crashing and Coinbase suffering an outage at a particularly bad time, now they’ve reportedly been targeted by a new phishing attack. As reported by CoinDesk and The Block Crypto, sites including Etherscan, CoinGecko, and DexTools each warned users that they were aware of suspicious popups appearing for visitors, and advised them not to confirm any transactions based on popups.

Like many recent phishing attacks, this one appeared to promise a link to the Bored Ape Yacht Club project, with an ape skull logo and a (now-disabled) nftapes.win domain. It prompted users to connect their MetaMask wallets (a software cryptocurrency wallet that enables access on your phone or via a browser extension) to use on the site, and since it was appearing on domains that many people trust and use every day, they may have fallen for it and given it access.

Update: The situation is caused by a malicious ad script by Coinzilla, a crypto ad network - we have disabled it now but there may be some delay due to CDN caching. We are monitoring the situation further. Do stay on alert and don't connect your Metamask on CoinGecko. https://t.co/NY0ppKecIG

— CoinGecko (@coingecko) May 13, 2022

Last November, the security company Check Point Research identified a phishing attack that used Google Ads that would either try to steal someone’s credentials or trick them into logging into the attacker's wallet so that it would receive any transactions they attempted. In February, a phishing attack stole $1.7 million worth of NFTs from OpenSea users, while a more recent attempt via Discord only snagged $18,000 worth of tokens.

Etherscan said it has disabled third-party integrations for the time being. A tweet from CoinGecko identified the source of the malicious popup as Coinzilla, an industry advertising network that told customers it could deliver over 1 billion impressions per month across more than 600 reputable sites popular with crypto enthusiasts.

Interim we've taken immediate action to disable the said 3rd party integration on Etherscan.

— “The Etherscan” (@etherscan) May 13, 2022