Dangerous phishing pop-ups appear across major crypto websites

Cryptocurrency owners have once again been warned to be on their guard against scammers following the detection of a new phishing attack.

Visitors to a number of popular cryptocurrency websites, including the likes of Etherscan, CoinGecko and DexTools, are being confronted with suspicious popups.

The attack seems to be targeting those with MetaMask cryptocurrency wallets, which allows users to access their crypto holdings on their mobile device or in a browser, and uses the logo of the notorious Bored Ape Yacht Club group to try and prove its legitimacy.

Share your thoughts on Cybersecurity and get a free copy of the Hacker's Manual 2022. Help us find how businesses are preparing for the post-Covid world and the implications of these activities on their cybersecurity plans. Enter your email at the end of this survey to get the bookazine, worth $10.99/£10.99.

MetaMask scam

Along with the Bored Ape logo, the popup asks the victim to "Connect with MetaMask" in an attempt to trick them into thinking the ad is a legitimate part of the site. It aims to direct victims to a malicious domain which would see a user's crypto wallet drained with no hope of recovery.

The affected sites have been quick to take action, with Etherscan saying it has disabled third-party integrations on its website, and warning users not to confirm any transactions that appear in a popup. 

CoinGecko said it had identified Coinzilla, an industry advertising network, as the source of the malicious popup, and had also removed it from its site.

The news is the latest in a long series of scams and fraud attacks targeting crypto owners, of which there are now tens of millions.

Back in March 2022, ESET uncovered a scam campaign that used malicious apps distributed through fake websites in order to steal Bitcoin and other cryptocurrencies from unsuspecting users. 

The malicious apps mimicked popular cryptocurrency wallets including Metamask, Coinbase, Trust Wallet, TokenPocket, Bitpie, imToken and OneKey, and the fraudsters even placed ads on legitimate websites with misleading articles to promote the fake websites that distributed the copycat wallet apps.

Earlier this year, hundreds of millions of dollars in cryptocurrency was also stolen from the Ronin Network, which provides the "blockchain bridge" that powers NFT game Axie Infinity.

Via CoinDesk



Comments