Phishing links to steal cryptocurrency appeared on CoinGecko and Etherscan

A preliminary investigation revealed that the cause was a malicious ad script on the affected sites

14.05.2022 - 10:15

606

2 min

What’s new? Cryptocurrency services Etherscan, CoinGecko, DeFi Pulse, and others have reported incidents of a malicious pop-up, offering users to connect their MetaMask crypto wallets. A preliminary investigation revealed that the phishing attack was caused by a malicious ad script on the affected sites. A warning for users appeared on Twitter of the Etherscan service.

🚨 We’ve received reports of phishing popups via a 3rd party integration and are currently investigating. Please be careful not to confirm any transactions that pop up on the website.— Etherscan (@etherscan) May 13, 2022

Who else posted the warnings? Representatives of the CoinGecko platform said the investigation indicated Coinzilla, a crypto ad network, as the source of the phishing attack script:

“The situation is caused by a malicious ad script by Coinzilla, a crypto ad network – we have disabled it now but there may be some delay due to CDN caching. We are monitoring the situation further. Do stay on alert and don’t connect your Metamask on CoinGecko.”

The DexTools service has also been affected by malicious activity while citing the Coinzilla platform as the source of the problem.

What events happened before? In April, the MetaMask team warned cryptocurrency wallet users about the dangers of storing data in Apple iCloud due to possible phishing attacks.

In early May, Malwarebytes Labs, a cybersecurity company, reported an increased number of phishing attacks through fake airdrops. Experts called the use of fraudulent websites that mimic real companies or NFT collections the most common phishing tactic.

Author: