Popular crypto analytics platforms Etherscan and CoinGecko have parallelly issued an alert against an ongoing phishing attack on their platforms. The firms began investigating the attack after numerous users reported unusual MetaMask pop-ups prompting users to connect their crypto wallets to the website.
Based on the information disclosed by the analytics firms, the latest phishing attack attempts to gain access to users’ funds by requesting to integrate their crypto wallets via MetaMask once they access the official websites.
Security Alert: If you are on the CoinGecko website and you are being prompted by your Metamask to connect to this site, this is a SCAM. Don’t connect it. We are investigating the root cause of this issue. pic.twitter.com/7vPfTAjtiU
— CoinGecko (@coingecko) May 13, 2022
Etherscan further revealed that the attackers have managed to display phishing pop-ups via third-party integration and advised investors to refrain from confirming any transactions requested by MetaMask.
We’ve received reports of phishing popups via a 3rd party integration and are currently investigating.
Please be careful not to confirm any transactions that pop up on the website.
— “The Etherscan” (@etherscan) May 13, 2022
Pointing toward the possible cause of the attack, @Noedel19, a member of Crypto Twitter, connected the ongoing phishing attacks to the compromise of Coinzilla, an advertising and marketing agency, stating that “Any website that makes use of Coinzilla Ads are compromised.”
Compromised CoinZilla source code with phishing link. Source: @Noedel19
The screenshots shared below show the automated pop-up from MetaMask asking to connect with the link falsely portraying as Bored Ape Yacht Club’s (BAYC) non-fungible token (NFT) offering.
CoinGecko website showing fake MetaMask pop-up. Source: @Noedel19
On May 4, Cointelegraph further warned readers about the rise in Ape-themed airdrop phishing scams, which is further cemented by the latest warnings issued by Etherscan and CoinGecko.