Popular crypto analytics platforms Etherscan and CoinGecko have simultaneously issued an alert against an ongoing phishing attack on their platforms. The companies began investigating the attack after many users reported unusual MetaMask pop-ups prompting users to connect their crypto wallets to the website.
Based on leaked information from analytics companies, the latest phishing attack attempts to access users’ funds by asking to integrate their crypto wallets through MetaMask once they access official websites.
Security Alert: If you are on the CoinGecko website and your Metamask prompts you to log in to this site, it is a scam. Do not connect it. We are looking for the root cause of this problem. pic.twitter.com/7vPfTAjtiU
— CoinGecko (@coingecko) May 13, 2022
Etherscan further disclosed that the attackers managed to display phishing pop-ups via third-party integration and advised investors to refrain from confirming transactions requested by MetaMask.
We have received reports of phishing popups via third-party integration and are currently investigating.
Be careful not to confirm transactions that appear on the website.
— “The Etherscan” (@etherscan) May 13, 2022
Stating the possible cause of the attack, Crypto Twitter member @Noedel19 linked the ongoing phishing attacks to the compromise of Coinzilla, an advertising and marketing agency, stating that “Any website that uses Coinzilla Ads is compromise”.
The screenshots shared below show the automated pop-up from MetaMask asking to log in with the link misrepresenting Bored Ape Yacht Club (BAYC) Non-Fungible Token (NFT) Offering.
On May 4, TSWT further warned readers about the increase in monkey-themed phishing scams, which is further reinforced by the latest warnings issued by Etherscan and CoinGecko.
While an official confirmation from Coinzilla is still pending, @Noedel19 suspects that all companies that have advertising integration with Coinzilla remain at risk of similar attacks in which their users get pop-ups for MetaMask integration.
As a primary means of damage control, Etherscan has disabled compromised third-party integration on its website.
Coinzilla has not yet responded to TSWT’s request for comment.
Related: Bored Ape Yacht Club NFTs stolen in Instagram phishing attack
The team behind BAYC recently warned investors of an attack after hackers breached their official Instagram account.
There is no coinage today. It looks like BAYC Instagram has been hacked. Don’t hit anything, click on links, or link your wallet to anything.
— Bored Ape Yacht Club (@BoredApeYC) April 25, 2022
As TSWT reported on April 25, hackers were able to access BAYC’s official Instagram account. The hackers then contacted BAYC Instagram followers and shared links to fake airdrops.
Users who connected their MetaMask wallets to the fraudulent website were then drained of their Ape NFTs. Unconfirmed reports suggest that around 100 NFTs were stolen in the phishing attack.