Etherscan, CoinGecko warn against ongoing MetaMask phishing attacks


Popular crypto-analytics platforms Etherscan and CoinGecko have simultaneously issued an alert against an ongoing phishing attack on their platforms. The companies began investigating the attack after many users reported unusual MetaMask pop-ups prompting users to connect their cryptocurrencies to the site.

Based on the information revealed by the analytics companies, the latest phishing attack is trying to gain access to the finances of users by asking them to integrate their cryptocurrencies through MetaMask after they access the official websites.

Etherscan further revealed that the attackers managed to show phishing pop-ups through third-party integration and advised investors to refrain from confirming any transactions requested by MetaMask.

Pointing to the possible cause of the attack, @ Noedel19, a member of Crypto Twitter, linked the ongoing phishing attacks to the compromise of Coinzilla, an advertising and marketing agency, stating that “Every website that uses Coinzilla Ads is compromised.”

8983e7b8 a1b5 47af aa9a 1e522f9d53ee
CoinZilla compromised source code with phishing link. Source: @ Noedel19

The screenshots shared below show MetaMask’s automated popup asking to connect to the link falsely presented as the Bored Ape Yacht Club’s (BAYC) unbreakable token (NFT) offer.

16dfdb3c 2a76 4a9e 91de 36f1589576f0
CoinGecko website showing fake MetaMask pop-up. Source: @ Noedel19

On May 4, Cointelegraph further warned readers about the rise of Ape-themed airdrop phishing scams, which is further cemented by the latest warnings issued by Etherscan and CoinGecko.

While official confirmation of Coinzilla is still pending, @ Noedel19 suspects that all companies that have ad integration with Coinzilla remain at risk of similar attacks by which their users receive pop-ups for MetaMask integration.

As a primary means of damage control, Etherscan has disabled the compromised third-party integration on its website.

Coinzilla has not yet responded to Cointelegraph’s request for comment.

Related: Bored Ape Yacht Club NFTs stolen in Instagram phishing attack

The team behind BAYC recently warned investors of an attack after hackers were found breaking into their official Instagram account.

As Cointelegraph reported on April 25, hackers were able to gain access to BAYC’s official Instagram account. The hackers then contacted BAYC’s Instagram followers and shared links to fake airmail.

Users who connected their MetaMask wallets to the fraudulent website were later hacked by their Ape NFTs. Unconfirmed reports to suggest that about 100 NFTs were stolen during the phishing attack.