As if this week weren’t bad enough for many cryptocurrency owners, with stablecoins crashing and Coinbase suffering an outage at a particularly bad time, now they’ve reportedly been targeted by a new phishing attack. As reported by CoinDesk and The Block Crypto, sites including Etherscan, CoinGecko, and DexTools all warned users that they were aware of suspicious popups appearing for visitors, and advised them not to confirm any transactions based on popups.
Like many recent phishing attacks, this one appeared to promise a link to the Bored Ape Yacht Club project, with an ape skull logo and a (now-disabled) nftapes.win domain. It prompted users to connect their MetaMask wallets (a software cryptocurrency wallet that enables access on your phone or via a browser extension) to use on the site, and since it was appearing on domains that many people trust and use every day, they may have fallen for it and given it access.
Update: The situation is caused by a malicious ad script by Coinzilla, a crypto ad network – we have disabled it now but there may be some delay due to CDN caching. We are monitoring the situation further. Do stay on alert and don’t connect your Metamask on CoinGecko. https://t.co/NY0ppKecIG
— CoinGecko (@coingecko) May 13, 2022
Last November, the security company Check Point Research identified a phishing attack that used Google Ads that would either attempt to steal someone’s credentials or trick them into logging into the attacker’s wallet so that it would receive any transactions they attempted. In February, a phishing attack stole $1.7 million worth of NFTs from OpenSea users, while a more recent attempt via Discord only snagged $18,000 worth of tokens.
Etherscan said it has disabled third-party integrations for the time being. A tweet from CoinGecko identified the source of the malicious popup as Coinzilla, an industry advertising network that told customers it could deliver over 1 billion impressions per month across more than 600 reputable sites popular with crypto enthusiasts.
Interim we’ve taken immediate action to disable the said 3rd party integration on Etherscan.
— “The Etherscan” (@etherscan) May 13, 2022