Popular crypto data sites warn against ongoing MetaMask phishing attacks

    15 May 2022
    330 Views

    Etherscan, CoinGecko, DeFi Pulse, and many other sites displayed a suspicious pop-up asking users to connect their wallets. Initial indications suggest that malicious code via ads on the affected sites is the vector for the phishing attack. Platforms urged users to “not confirm any transactions” that popped up on its website.

    Crypto data websites Etherscan, CoinGecko, DeFi Pulse many other popular sites reported incidents of a malicious pop-up prompting users to connect their MetaMask wallets.

    The phishing attack comes from a domain displaying the Bored Ape Yacht Club logo. At the time of writing, the site tied to the domain appeared to be taken down. The domain was registered less than a day ago, a WHOIS lookup shows.

    Etherscan said in a tweet on the matter: “We’ve received reports of phishing popups via a 3rd party integration and are currently investigating. Please be careful not to confirm any transactions that pop up on the website,” adding in the next tweet: “Interim we’ve taken immediate action to disable the said 3rd party integration on Etherscan.”

    Though the precise cause has not been confirmed, initial indications suggest that malicious code via ads on the affected sites is the vector for the phishing attack.

    CoinGecko also twitted: “If you are on the CoinGecko website and you are being prompted by your Metamask to connect to this site, this is a SCAM. Don’t connect it. We are investigating the root cause of this issue.”

    “We are investigating the root cause of this attack to fix it as soon as possible,” Bobby Ong, CoinGecko founder, told CoinDesk.

    “The situation is most likely caused by a malicious ad script by Coinzilla, a crypto ad network – we have disabled it now,” he added on Twitter. “We are monitoring the situation further. Do stay on alert and don’t connect your Metamask on CoinGecko.”

    DexTools, another crypto-focused app site, also said in its tweet blaming a crypto ad platform Coinzilla:

    “We are disabling all ads until the situation is clarified by @adsbycoinzilla. Please be aware and don’t sign suspicious requests at your wallet. DEXTools does not automatically request any permissions.”

    Leave a Reply

    Your email address will not be published. Required fields are marked *