Etherscan and CoinGecko warn of ongoing MetaMask phishing attacks

Popular crypto analytics platforms Etherscan and CoinGecko have simultaneously issued a warning about an ongoing phishing attack on their platforms. The firms began investigating the attack after numerous users reported unusual MetaMask pop-ups asking users to connect their crypto wallets to the website.

Based on the information disclosed by the analytics firms, the latest phishing attack attempts to gain access to users’ funds by prompting them to connect their crypto wallets via MetaMask once they access the official websites.

Etherscan further revealed that the attackers managed to display phishing pop-ups via third-party integration and advised investors not to confirm transactions requested by MetaMask.

@Noedel19, a member of Crypto Twitter, pointed out the possible cause of the attack and linked the ongoing phishing attacks to the compromise of Coinzilla, an advertising and marketing agency, stating: “Any website using Coinzilla Ads, is compromised.”

Compromised Coinzilla source code with phishing link. Source: @Noedel19

The screenshots shared below show MetaMask’s automated pop-up asking users to connect to a link falsely presented as a Bored Ape Yacht Club (BAYC) non-fungible token (NFT) offering.

CoinGecko website with fake MetaMask popup. Source: @Noedel19

On May 4, Cointelegraph warned readers of the rise in Ape-themed airdrop phishing scams, a trend further cemented by the recent alerts from Etherscan and CoinGecko.

Pending official confirmation from Coinzilla, @Noedel19 suspects that all companies that have ad integration with Coinzilla remain at risk of similar attacks where their users receive MetaMask integration pop-ups.

As a primary mitigation tool, Etherscan has disabled compromised third-party integration on its website.

Within hours of the above development, Coinzilla announced to Cointelegraph that the issue had been identified and fixed, and clarified that the services were not compromised:

“A single campaign containing malicious code managed to pass our automated security checks. It ran for less than an hour before our team stopped it and suspended the account.”

While stressing that no advertiser or publisher was to blame, Coinzilla revealed plans to go on the offensive, stating:

“Ad code was inserted from an external source via an HTML5 banner. We will be working closely with our publishers to offer assistance to affected users, identify the individual behind the attack and act accordingly.”


The team behind BAYC recently warned investors of an attack after discovering hackers breached their official Instagram account.

As Cointelegraph reported on April 25, hackers were able to gain access to BAYC’s official Instagram account. The hackers then contacted BAYC’s Instagram followers and shared links to fake airdrops.

Users who connected their MetaMask wallets to the scam website subsequently had their Ape NFTs stolen. Unconfirmed reports suggest that around 100 NFTs were stolen during the phishing attack.