As if this week hadn’t been awful enough for cryptocurrency investors, what with stablecoins collapsing and Coinbase going down at an inconvenient time, they’ve now been targeted by a new phishing scam. While investigations are ongoing, the continuous attack on several crypto platforms could be linked to the hacking of Coinzilla, a digital marketing and advertising firm.
Etherscan, Coin Gecko Warn Of Ongoing MetaMask Phishing Attacks!!!!
Two famous crypto analytics services, Etherscan and CoinGecko, have both issued alerts about an ongoing phishing attempt on their systems. The firms began investigating the attack when several consumers received unexpected MetaMask pop-ups inviting them to connect their crypto wallets to the website.
Users were informed by DexTools that suspicious popups were appearing for visitors and that they should not confirm any transactions based on popups.
Etherscan is a cryptocurrency analytics software that focuses on the Ethereum blockchain network. CoinGecko is a cryptocurrency asset price tracker similar to Coinmarketcap. Both of these systems, CoinGecko and Etherscan, are legendary at their level due to their widespread use among crypto users to keep up with current crypto asset values and monitor transactions of specific crypto addresses.
MetaMask is a cryptocurrency software wallet that works with the Ethereum network. Users can utilize a browser extension or a mobile app to access their Ethereum wallet, which can then be used to interact with decentralized applications.
According to the data provided by the analytics firms, the latest phishing effort tries to obtain access to customers’ funds by proposing that they integrate their crypto wallets using MetaMask once they visit the official websites. Etherscan also revealed that the attackers abused third-party integration to display phishing pop-ups, and advised investors not to accept any MetaMask transactional requests.
A member of Crypto Twitter, @Noedel19, linked the continuing phishing assaults to the hack of Coinzilla, advertising, and marketing service, adding that “Any website that uses Coinzilla Ads is compromised.”
Cointelegraph cautioned readers on May 4 about the growth in Ape-themed airdrop phishing scams, which is backed up by recent alerts from Etherscan and CoinGecko.
All companies that have ad integration with Coinzilla, according to @Noedel19, are at risk of similar attacks in which their users see pop-ups promoting MetaMask integration.
Etherscan has stopped the compromised third-party integration on its website as a key strategy of damage control.
Coinzilla informed Cointelegraph that the problem had been found and addressed within hours of the above events and that the services had not been affected.
“A single campaign with malicious code made it via our automatic security tests.” Our team stopped it and locked the account after it ran for less than an hour.
Coinzilla disclosed plans to go on the offensive while emphasizing that no advertiser or publisher was to blame, stating: An ad code was introduced from an external source via an HTML5 banner. We will work closely with our publishers to provide help to affected users, identify the culprit, and take appropriate action.
Meanwhile, the team behind BAYC recently issued a warning to investors following the discovery of hackers hacking their official Instagram accounts.
On April 25, Cointelegraph claimed that hackers had gained access to BAYC’s official Instagram account. The hackers then emailed BAYC’s Instagram followers with fake airdrop URLs. Users that connected their MetaMask wallets to the fake website had their Ape NFTs stolen. According to unconfirmed accounts, the phishing attack resulted in the theft of around 100 NFTs.