As if this week wasn’t bad enough for many cryptocurrency owners, with stablecoins crashing and Coinbase going down at a particularly bad time, they are now reportedly the target of another phishing attack. As reported by CoinDesk and The block cryptosites included ether scan† CoinGekkoand DexTools all warned users that they were aware of suspicious pop-ups that appeared to visitors, and advised them not to confirm transactions based on pop-ups.
Like many recent phishing attacks, this one seemed to promise a link to the Bored Ape Yacht Club project, with a monkey skull logo and a (now disabled) nftapes.win domain. It asked users to connect their MetaMask wallet (a software cryptocurrency wallet that allows access on your phone or through a browser extension) to use on the site, and since it appeared on domains that many people trust and use every day , they may have fell for it and gave it access.
Update: The situation is caused by a malicious ad script from Coinzilla, a crypto ad network – we’ve disabled it now, but there may be some delay due to CDN caching. We continue to monitor the situation. Stay alert and do not connect your Metamask to CoinGecko. https://t.co/NY0ppKecIG
— CoinGecko (@coingecko) May 13, 2022
Last November, security firm Check Point Research identified a phishing attack that used Google ads that either attempted to steal someone’s credentials or trick them into logging into the attacker’s wallet so that they would receive all the transactions they attempted. In February, a phishing attack stole $1.7 million in NFTs from OpenSea users, while a more recent attempt via Discord netted just $18,000 in tokens.
Etherscan said it has disabled third-party integration for the time being. A tweet from CoinGekko identified the source of the malicious pop-up as Coinzilla, an industrial advertising network that: told customers it could get more than 1 billion impressions per month on more than 600 reputable sites popular with crypto enthusiasts.
In the meantime, we took immediate action to disable the said third-party integration on Etherscan.
— “The Etherscan” (@etherscan) May 13, 2022