Popular crypto analytics platforms Etherscan and CoinGecko have simultaneously issued a warning about an ongoing phishing attack on their platforms. The firms began investigating the attack after numerous users reported unusual MetaMask pop-ups asking users to connect their crypto wallets to the website.
Based on the information disclosed by the analytics firms, the latest phishing attack attempts to gain access to users’ funds by prompting them to connect their crypto wallets via MetaMask once they access the official websites.
Security Warning: If you are on the CoinGecko website and your metamask asks you to connect to this website, it is a scam. Don’t connect it. We are investigating the cause of this problem. pic.twitter.com/7vPfTAjtiU
— CoinGecko (@coingecko) May 13, 2022
Etherscan further revealed that the attackers managed to display phishing pop-ups via a third-party integration and advised investors not to confirm transactions requested by MetaMask.
We’ve received reports of phishing pop-ups via a third-party integration and are currently investigating.
Please be careful not to confirm any transactions that appear on the website.
— Etherscan (@etherscan) May 13, 2022
@Noedel19, a member of Crypto Twitter, pointed out the possible cause of the attack and linked the ongoing phishing attacks to the compromise of Coinzilla, an advertising and marketing agency, stating: “Any website using Coinzilla Ads, is compromised.”
The screenshots shared below show an automated MetaMask pop-up asking users to connect to a link falsely presented as a Bored Ape Yacht Club (BAYC) non-fungible token (NFT) offering.
On May 4, Cointelegraph warned readers of the rise in ape-themed airdrop phishing scams, a trend further cemented by the recent alerts from Etherscan and CoinGecko.
Pending official confirmation from Coinzilla, @Noedel19 suspects that all companies that have ad integration with Coinzilla remain at risk of similar attacks where their users receive MetaMask integration pop-ups.
As a primary mitigation measure, Etherscan has disabled the compromised third-party integration on its website.
Within hours of the above development, Coinzilla announced to Cointelegraph that the issue had been identified and fixed, and clarified that the services were not compromised:
“A single campaign containing malicious code managed to pass our automated security checks. It ran for less than an hour before our team stopped it and suspended the account.”
While stressing that no advertiser or publisher was to blame, Coinzilla revealed plans to go on the offensive, stating:
“Ad code was inserted from an external source via an HTML5 banner. We will be working closely with our publishers to offer assistance to affected users, identify the individual behind the attack and act accordingly.”
The team behind BAYC recently warned investors of an attack after discovering hackers breached their official Instagram account.
There’s no mint going on today. It looks like BAYC Instagram has been hacked. Don’t mint anything, don’t click links, and don’t associate your wallet with anything.
— Bored Ape Yacht Club (@BoredApeYC) April 25, 2022
As Cointelegraph reported on April 25, hackers were able to gain access to BAYC’s official Instagram account. The hackers then contacted BAYC’s Instagram followers and shared links to fake airdrops.
Users who connected their MetaMask wallets to the scam website subsequently had their Ape NFTs stolen. Unconfirmed reports suggest that around 100 NFTs were stolen during the phishing attack.
https://cointelegraph.com/news/etherscan-coingecko-warn-against-ongoing-metamask-phishing-attacks Etherscan and CoinGecko warn of ongoing MetaMask phishing attacks