Antidolos -Latest Blockchain News
Home » News » Etherscan and CoinGecko reported Metamask phishing attack
Disclosure

Etherscan and CoinGecko reported Metamask phishing attack

Etherscan and CoinGecko reported Metamask phishing attack

While investigations are ongoing, the continuous Metamask phishing attack on several Crypto platforms could be linked to the hacking of Coinzilla, a digital marketing and advertising firm.

Two famous Crypto analytics services, Etherscan and CoinGecko, have both issued alerts about an ongoing phishing attempt on their systems. After multiple customers reported unexpected Metamask pop-ups urging them to connect their Crypto wallets to the website, the companies began investigating the attack. 

According to the data provided by the analytics firms, the latest phishing effort tries to obtain access to customers’ funds by proposing that they integrate their Crypto wallets using MetaMask once they visit the official websites. Do you need more info about the Metamask phishing attack? We show you How to identify Crypto scams on Antidolos media.

What was the story?

Etherscan also revealed that the attackers exploited third-party integration to display phishing pop-ups and urged investors not to complete any MetaMask transactions.

We’ve received reports of phishing pop-ups through a third-party integration, and we’re looking into it. Please avoid confirming any transactions that appear on the website.

A member of Crypto Twitter, @Noedel19, linked the continuing phishing assaults to the breach of Coinzilla, advertising, and marketing service, adding that “Any website that uses Coinzilla Ads is compromised.”

CoinZilla source code containing the phishing URL has been compromised. @Noedel19 source

The screenshots below demonstrate an automated pop-up from MetaMask urging you to connect with a URL that falsely claims to be a non-fungible token (NFT) offering from Bored Ape Yacht Club (BAYC).

A false MetaMask pop-up appears on the CoinGecko website. @Noedel19 source

Search for airdrop phishing schemes

We cautioned readers on May 4 about the surge of Ape-themed airdrop phishing schemes, which is backed up by recent alerts from Etherscan and CoinGecko.

While formal confirmation from Coinzilla is still pending, @Noedel19 believes that all organizations with Coinzilla ad integration are still vulnerable to similar assaults. Their users are bombarded with pop-ups requesting MetaMask integration.

Etherscan has stopped the compromised third-party integration on its website as a critical damage mitigation strategy.

Hacking Instagram account

BAYC issued a warning to investors after hackers were revealed to have hacked into the company’s official Instagram account.

Today there will be no mint. BAYC Instagram appears to have been hacked. Nothing should be mint, clicked, or linked to your wallet.

The hackers hacked into BAYC’s official Instagram account. The hackers then sent fake airdrop URLs to BAYC’s Instagram followers.

Users that connected their Metamask phishing attack wallets to the fake website had their Ape NFTs depleted. According to unconfirmed accounts, the phishing attack resulted in the theft of around 100 NFTs.

NFTs have stolen in an Instagram phishing attack related to the Metamask phishing attack

Because the phishing attack occurred on the first anniversary of BAYC’s inception, many people mistook the link for genuine.

Hackers infiltrated the popular non-fungible token (NFT) collection’s official Instagram page on Monday, according to Bored Ape Yacht Club (BAYC) creators, and published links to a false airdrop with the project’s followers.

Ape NFTs were taken away from Crypto enthusiasts who linked their Metamask phishing attack wallets to the fraudulent website. The phishing attempt appears to have been timed to coincide with the first anniversary of the BAYC collection’s launch, enhancing the phishing link’s perceived credibility.

According to unsubstantiated accusations on social media, the phishing attack resulted in the theft of roughly 100 NFTs. Also, based on CoinGecko, each BAYC NFT has a floor price of 139 Ether (ETH), or $400,726. According to the allegations, the attack resulted in the loss of more than $40 million in assets. The statistics may only represent the bottom end of the prediction because they are based on the floor pricing.

Today there will be no mint. BAYC Instagram appears to have been hacked. Nothing should be mint, clicked, or linked to your wallet.

While some social media users emphasize the necessity of two-factor authentication as a deterrent to unwanted log-ins, others argue that such measures are imperfect and can be broken by a SIM-card swap.

BAYC has become the most popular NFT collection in the Crypto world, with sales exceeding $1 billion in 2021. The supply of the collection is set at 10,000 NFTs.

Experts warn that MetamMask phishing attack schemes are on the rise

As the Crypto community becomes aware of and reports such scams, the perpetrators prefer to disable comments on their tweets to avoid being identified as scammers.

According to cybersecurity experts, Airdrop phishing is becoming increasingly popular among Crypto and non-fungible token (NFT) criminals. According to recent research issued by Malwarebytes Labs, scammers are attempting to cash in on the buzz around Yuga Labs’ BAYC Ape-related NFT collection.

The most popular airdrop phishing strategies, according to Malwarebytes, involve the use of fraudulent websites masquerading as legitimate platforms, and “Apes are, of course, the biggest attraction in town as Airdrop phishing is concerned.”

The research noted that fraudsters are becoming more interested in ape-themed phishing, citing the “diversity of bogus pages out there” as evidence.

Scammers developed a website allowing users to claim up to 10 Bull and Ape NFTs, as shown in the screenshot above. When a user tries to claim the supposedly lucrative offer, it requests a range of password/recovery phrases, similar to any other phishing website:

Is this someone you’d be comfortable entrusting your recovery phrase to?

Malwarebytes also cautions about the emergence of the “link your wallet” airdrop scam, in which famous Twitter accounts, such as Moonbirds, pretend as popular projects delivering NFT airdrops.

On Twitter, a fake Moonbirds account has been created.

Scammers are always lurking

Scammers switch off comments to their tweets as the Crypto community observes and calls out such schemes to avoid being exposed. The official verified Moonbirds account issued a warning about the imposters in this situation.

Malwarebytes’ counsel echoes the typical security advice of avoiding answering “yes” to everything a website asks for, concluding: If you start providing rights or signing transactions, you can discover your wallet empty.

The excitement around Yuga Labs’ NFTs is accurate, as noted in the Malwarebytes study. The “Otherdeed” NFTs, which sold each digital piece of land for 305 ApeCoin (APE), sold out almost immediately after its inception.

The sale caused an unheard-of but brief increase in Ether (ETH) gas fees. Yuga Labs indicated that ApeCoin would need to shift to its chain to scale adequately, citing some of the challenges with utilizing Ether during its NFT debut.

Conclusion about Metamask phishing attack

We tried very hard to present you with the top 360 Blockchain news. You are always welcome to find the best and more reliable info here, like what we have done in the last two years on Antidolos IEO rating and review. To wrap it up, despite the impending bear market, you can always find a good and solid project to invest in if you keep an eye on traps and ICO scams. So if you like to keep up to date, don’t hesitate to follow us on Antidolos.

References:
https://cointelegraph.com/news/etherscan-coingecko…

https://www.google.com/searchq=MetaMask…
https://blockworks.co/metamask-issues-warning…
https://metamask.zendesk.com/hc/en-us/articles…

Related posts

A potential ‘white hat hacker certification’ exploits THORChain for $8 million

Delnia

Bitcoin is progressing through the New Bill in Ukraine and Blockchain Campus

admin

Cashaa Exchange: Hackers stole 336 BTC!

admin

Leave a Comment

This site uses functional cookies to improve your experience. Accept More Info

Privacy & Cookies Policy