Phishing attack pop-up targets MetaMask users visiting popular crypto sites

Image: CoinGecko

This week has been a bad one for many cryptocurrencies owners, with stablecoins crashing and Coinbase experiencing an outage at a particularly bad time. Users were warned not to confirm transactions based on popups, as reported by The Block Crypt, as well as other sites.

This one appeared to promise a link to the Bored Ape Yacht Club project, with an ape skull logo and a nftapes.win domain. Since it was appearing on domains that many people trust and use every day, they may have fallen for it and given it access.

Update: The situation is caused by a malicious ad script by Coinzilla, a crypto ad network - we have disabled it now but there may be some delay due to CDN caching. We are monitoring the situation further. Do stay on alert and don't connect your Metamask on CoinGecko. https://t.co/NY0ppKecIG

— CoinGecko (@coingecko) May 13, 2022

The security company Check Point Research identified a phishing attack that used ads on the internet to trick people into giving up their credentials so that it could steal their money. A more recent attempt to steal NFTs from OpenSea users only netted $18,000 worth of token.

Third-party integrations have been disabled for the time being. The source of the malicious popup was identified as the industry advertising network, Coinzilla, which told customers it could deliver over 1 billion impressions per month across more than 600 sites popular with crypto enthusiasts.

Interim we've taken immediate action to disable the said 3rd party integration on Etherscan.

— “The Etherscan” (@etherscan) May 13, 2022