Popular crypto analytics platforms Etherscan and CoinGecko have simultaneously issued an alert for an ongoing phishing attack on their platforms. The companies began investigating the attack after many users reported unusual MetaMask pop-ups requiring users to connect their crypto wallets to the site.
Based on the information revealed by the analytics companies, the phishing attack attempts to gain access to users’ funds by prompting them to connect their crypto wallets via MetaMask once they have accessed the official websites.
Security Alert: If you are on the CoinGecko site and you are asked by your MetaMask to log in to this site, this is a scam. Do not connect it. We are investigating the root of the problem. pic.twitter.com/7vPfTAjtiU
– CoinGecko (@coingecko) May 13, 2022
Etherscan further revealed that the attackers were able to display phishing pop-ups through a third-party integration and advised investors to refrain from approving any transactions requested by MetaMask.
We have received reports of pop-up windows using third-party integration and we are currently investigating.
Please be careful not to approve deals that pop up on the site.
– Etherscan (@etherscan) May 13, 2022
Pointing to a possible cause of the attack, @Noedel19, a member of Crypto Twitter, linked the ongoing phishing attacks to the compromise of Coinzilla, an advertising and marketing agency, stating that “any site that uses Coinzilla Ads is at risk.”
The shared screenshots show an automatic MetaMask pop-up asking to connect to a link falsely presented as a Bored Ape Yacht Club NFT offer.
On May 4, Cointelegraph warned readers about the rise in Ape-themed phishing scams, a trend further highlighted by the recent warnings issued by Etherscan and CoinGecko.
While official confirmation from Coinzilla is still pending, @Noedel19 suspects that all companies that have an ad integration with Coinzilla remain at risk of similar attacks, in which their users receive pop-ups requesting a MetaMask connection.
As a primary means of damage control, Etherscan has disabled the compromised third-party integration on its website.
Coinzilla has not yet responded to Cointelegraph’s request for comment.
Related: Bored Ape Yacht Club NFTs Stolen in Instagram Phishing Attack
The team behind BAYC recently warned investors of an attack after hackers were found to have compromised its official Instagram account.
In Nana today. BAYC Instagram seems to have been hacked. Do not drown anything, do not click on links and do not link your wallet to anything.
– Bored Ape Yacht Club (@BoredApeYC) April 25, 2022
As Cointelegraph reported on April 25, hackers were able to gain access to BAYC’s official Instagram account. The hackers then contacted BAYC’s Instagram followers and shared links to fake airdrops.
Users who connected their MetaMask wallets to the scam site subsequently had their Ape NFTs drained. Unconfirmed reports suggest that about 100 NFTs were stolen during the phishing attack.