After Crypto Slump, Phishing Attacks Pop-Ups Targeting Metaverse Users
Although last week proved horrible for cryptocurrency owners with the market facing a crash and Binance’s outage during that difficult time, the nasty phishing attacks designed having pop-ups target metaverse users on famous crypto sites. So far, multiple sites, including Etherscan and DexTools, have reportedly confirmed the crypto scam ad and issued alerts not to connect wallets.
CoinGecko issued a scam alert via a tweet on May 14, which reads:
Security Alert: If you are on the CoinGecko website and you are being prompted by your Metamask to connect to this site, this is a SCAM. Don’t connect it. We are investigating the root cause of this issue.
Scammers behind the phishing attack faked that users would access the most significant NFT avatar, Bored Ape Yacht Club, by clicking on the provided link. And to make it real, the pop-ups featured an ape skull logo alongside the now-defunct domain, nftapes.win. Per the WHOIS lookup, the domain from where phishing attacks were being generated was registered on Friday, around 3:00 PM. ET.
The ad required users to connect their MetaMask wallets to use it on the site. Web 3.0 technology allows MetaMask wallets to authorize access to websites via smartphones and browser extensions. And since the fraudsters managed to place dodgy advertising scripts on reputational sites which have a trusted relationship with their audiences, many users fell into the trap and provided access to their wallets.
Elaborating the cause behind this situation, CoinGecko affirmed:
Update: The situation is caused by a malicious ad script by Coinzilla, a crypto ad network – we have disabled it now but there may be some delay due to CDN caching. We are monitoring the situation further. Do stay on alert and don’t connect your Metamask on CoinGecko.
Phishing Attacks Are Rising Since The Crypto Growth
Since the crypto sector has become the favorite choice of cybercriminals, last November, they conducted a phishing attack via Google Ads to steal users’ credentials and make them log in to the attacker’s wallet so that he can receive transactions committed from the victim’s wallet. Similarly, hackers stole $1.7 million worth of NFTs targeting OpenSea in February and $18,000 in the most recent attack via Discord.
As the publications discovered the fraud, Etherscan temporarily blocked the integration with third parties. Additionally, Dex Tools notified its community that Coinzilla, an advertising network that claims to deliver over 1 billion impressions monthly across 600 reputable crypto sites, became the source of the recent phishing attack.
Dex Tool tweeted;
We are disabling all ads until the situation is clarified by @adsbycoinzilla . Please be aware and don’t sign suspicious requests at your wallet. DEXTools does not automatically request any permissions.