Etherscan warned against an ongoing phishing attack and Coingecko followed with the warnings so the investigations are now underway to platforms being connected to the compromise of Coinzilla, the advertising, and marketing agency so let’s read more today in our latest cryptocurrency news.
The popular analytics platforms Etherscan alongside CoinGecko issued an alert against the ongoing phishing attack on their platforms as the companies started investigating the attack after users reported unusual MetaMask pop-ups prompting the users to connect the wallets to the website. Based on the information from the companies, the latest phishing attacks attempt to gain access to the users’ funds by requesting to integrate the wallets via MetaMask once they access the websites. Etherscan revealed that the attackers managed to display the phishing-pop ups via the third-party integration and advised investors to refrain from confirming transactions requested by MetaMask.
We’ve received reports of phishing popups via a 3rd party integration and are currently investigating.
Please be careful not to confirm any transactions that pop up on the website.
— Etherscan (@etherscan) May 13, 2022
Pointing toward the cause of the attack, one member of Twitter connected the phishing attacks to the compromise of Coinzilla, an advertising marketing agency that stated that “any Website that makes use of the ads are compromised.” The screenshots show a pop-up from MetaMask asking to connect with the link that falsely portrays as Bored ape Yacht Club NFT offering. The reports further warned readers about the rise in the Ape-themed airdrop phishing scam which is cemented by the latest warnings issued by CoinGecko and Etherscan.
Security Alert: If you are on the CoinGecko website and you are being prompted by your Metamask to connect to this site, this is a SCAM. Don't connect it. We are investigating the root cause of this issue. pic.twitter.com/7vPfTAjtiU
— CoinGecko (@coingecko) May 13, 2022
While the official confirmation from Coinzilla is underway, the Twitter user suspected that all companies which have an ad integration from coinzilla, remain at risk of similar attacks while their users get pop-ups from the MetaMask integration. As a primary means of damage control, Etherscan disabled the compromised third-party integration on the website. The team behind BAYC warned investors about the attack after hackers were found to breach the Instagram account. The hackers also gained access to bAYC’s official Instagram account and then contacted the Instagram followers and shared links to fake airdrops. The users that connected their MetaMask wallets to the sam website were drained of their APE NFTs but reports show that about 100 NFTs were stolen in the phishing attack.
There is no mint going on today. It looks like BAYC Instagram was hacked. Do not mint anything, click links, or link your wallet to anything.
— Bored Ape Yacht Club (@BoredApeYC) April 25, 2022