We use cookies and other tracking technologies to improve your browsing experience on our site, show personalized content and targeted ads, analyze site traffic, and understand where our audiences come from. To learn more or opt-out, read our Cookie Policy. Please also read our Privacy Notice and Terms of Use, which became effective December 20, 2019.
By choosing I Accept, you consent to our use of cookies and other tracking technologies.
Filed under:
Be careful where you click
As if this week weren’t bad enough for many cryptocurrency owners, with stablecoins crashing and Coinbase suffering an outage at a particularly bad time, now they’ve reportedly been targeted by a new phishing attack. As reported by CoinDesk and The Block Crypto, sites including Etherscan, CoinGecko, and DexTools all warned users that they were aware of suspicious popups appearing for visitors, and advised them not to confirm any transactions based on popups.
Like many recent phishing attacks, this one appeared to promise a link to the Bored Ape Yacht Club project, with an ape skull logo and a (now-disabled) nftapes.win domain. It prompted users to connect their MetaMask wallets (a software cryptocurrency wallet that enables access on your phone or via a browser extension) to use on the site, and since it was appearing on domains that many people trust and use every day, they may have fallen for it and given it access.
Related
Update: The situation is caused by a malicious ad script by Coinzilla, a crypto ad network – we have disabled it now but there may be some delay due to CDN caching. We are monitoring the situation further. Do stay on alert and don’t connect your Metamask on CoinGecko. https://t.co/NY0ppKecIG
Last November, the security company Check Point Research identified a phishing attack that used Google Ads that would either attempt to steal someone’s credentials or trick them into logging into the attacker’s wallet so that it would receive any transactions they attempted. In February, a phishing attack stole $1.7 million worth of NFTs from OpenSea users, while a more recent attempt via Discord only snagged $18,000 worth of tokens.
Etherscan said it has disabled third-party integrations for the time being. A tweet from CoinGecko identified the source of the malicious popup as Coinzilla, an industry advertising network that told customers it could deliver over 1 billion impressions per month across more than 600 reputable sites popular with crypto enthusiasts.
Interim we’ve taken immediate action to disable the said 3rd party integration on Etherscan.
Subscribe to get the best Verge-approved tech deals of the week.
Please confirm your subscription to Verge Deals via the verification email we just sent you.

source

Write A Comment