If the past week wasn’t bad enough for crypto, reports are emerging that a cyber-attack targeting crypto websites and wallet users has just occurred.
Users of the popular Web3 crypto wallet MetaMask have been targeted in a phishing attack resulting in a handful of high-profile crypto websites being compromised.
This comes at the end of a dreadful week that saw the world’s third-largest stablecoin collapse, America’s biggest exchange Coinbase go down again, and crypto markets lose $400 billion.
The attack we reported by various sources, including decentralized finance channel DeFiPrime which stated Etherscan and CoinGecko were among those compromised by suspicious popups.
When visiting certain websites, MetaMask users would get a pop-up prompting them to take action or approve a transaction. The websites began warning users over these popups once they were discovered.
It seems a lot of sites compromised: Spiritswap, Etherscan, Coingecko. Be extra careful when approving transactions, and always double-check that you are interacting with the proper smart contract.
— defiprime (@defiprime) May 13, 2022
On May 14, CoinGecko posted a notice reporting that a malicious ad script had caused the attack from crypto ad network Coinzilla. It added that it has been disabled and warned users not to connect their MetaMask wallets to the data analytics portal.
A phishing attack is a targeted attack on a particular group, in this case, crypto wallet users. Some pop-ups disseminated malicious links to popular NFT projects such as the Bored Ape Yacht Club. The dodgy domain had been taken down at the time of writing.
Update: The situation is caused by a malicious ad script by Coinzilla, a crypto ad network – we have disabled it now but there may be some delay due to CDN caching. We are monitoring the situation further. Do stay on alert and don't connect your Metamask on CoinGecko. https://t.co/NY0ppKecIG
— CoinGecko (@coingecko) May 13, 2022
Etherscan, a popular Ethereum blockchain tracker, warned that “we’ve received reports of phishing popups via a 3rd party integration and are currently investigating. Please be careful not to confirm any transactions that pop up on the website.”
Another crypto-based app website called DexTools was also compromised. “We are disabling all ads until the situation is clarified by @adsbycoinzilla,” it stated before warning, “please be aware and don’t sign suspicious requests at your wallet.”
Dodgy advertising scripts have been used before to target cryptocurrency users. In November, a phishing attack that used Google Ads was identified as it attempted to steal credentials or trick users into logging into the attacker’s wallet so they would become the new recipient of any transactions.
Google and Facebook (now Meta) have both been manipulated by malicious actors to display scam crypto advertising that lures users into divulging personal information or enabling wallet access.
In February, another phishing attack targeted NFT marketplace OpenSea and resulted in the theft of $1.7 million worth of NFTs from platform users.
MetaMask users have also been previously targeted with scammy emails disguised as verification requests from the crypto wallet.
Furthermore, customers of the French hardware wallet firm Ledger have been inundated with phishing emails and scams following a massive data breach on company servers in 2020.
Martin has been covering the latest developments in the blockchain and digital asset industry since 2017 when he made his first investment. He has previous trading experience and has worked extensively in IT over the past 2 decades.