Phishing links to steal cryptocurrency appeared on CoinGecko and Etherscan
A preliminary investigation revealed that the cause was a malicious ad script on the affected sites
14.05.2022 - 10:15
What’s new? Cryptocurrency services Etherscan, CoinGecko, DeFi Pulse, and others have reported incidents of a malicious pop-up prompting users to connect their MetaMask crypto wallets. A preliminary investigation revealed that the phishing attack was caused by a malicious ad script on the affected sites. Etherscan posted a warning for users on its Twitter account.
🚨 We’ve received reports of phishing popups via a 3rd party integration and are currently investigating. Please be careful not to confirm any transactions that pop up on the website. — Etherscan (@etherscan) May 13, 2022
Who else posted the warnings? Representatives of the CoinGecko platform said the investigation pointed to Coinzilla, a crypto ad network, as the source of the script used in the phishing attack:
“The situation is caused by a malicious ad script by Coinzilla, a crypto ad network – we have disabled it now but there may be some delay due to CDN caching. We are monitoring the situation further. Do stay on alert and don’t connect your Metamask on CoinGecko.”
The DexTools service was also affected by the malicious activity and likewise cited the Coinzilla platform as the source of the problem.
What events happened before? In April, the MetaMask team warned cryptocurrency wallet users about the dangers of storing data in Apple iCloud due to possible phishing attacks.
In early May, Malwarebytes Labs, a cybersecurity company, reported an increased number of phishing attacks through fake airdrops. Experts called the use of fraudulent websites that mimic real companies or NFT collections the most common phishing tactic.