Even if last week turned out to be horrific for cryptocurrency owners as the market faced a crash and loss of Binance during this difficult time, malicious phishing attacks were designed to users will pop up from the metaverse to popular crypto sites. Currently, several sites, including Etherscan and DexTools, have reportedly confirmed the crypto scam notice and issued warnings not to connect to wallets.
CoinGecko issues a scam alert via a Tweeter on May 14, which reads as follows:
Security Alert: If you are on the CoinGecko website and your Metamask prompts you to log in to this site, it is a scam. Do not connect it. We are looking for the cause of this issue.
Related Reading | LUNA Investors ‘Suicide’ After Crypto Collapse – Do Kwon Says He’s ‘Heartbroken’
The fraudsters behind the phishing attack simulated that users could access the top NFT avatar, Bored Ape Yacht Club, by clicking on the provided link. And to make it real, the pop-ups have a monkey skull logo next to the now-defunct domain, nftapes.win. According to WHOIS research, the domain where the phishing attacks were generated was registered on Friday, around 3:00 p.m. UG.
The notice requires users to connect their wallets to MetaMask in order to use them on the site. Web 3.0 technology allows MetaMask wallets to allow access to websites via smartphones and browser extensions. And while scammers have been able to place dubious ad scripts on well -known sites that have a trusting relationship with their audiences, many users have fallen for it and given access to their wallets.
Elaborate on the reason behind this situation, CoinGecko stated:
Update: The situation was caused by a malicious ad script from Coinzilla, a crypto ad network – we’ve already disabled it, but there may be some delay due to CDN caching. We kept a close eye on the situation. Stay alert and do not connect your Metamask to CoinGecko.
Phishing attacks have increased since the growth of crypto
Since the crypto sector became the preferred option for cybercriminals in November, they launched a phishing attack via Google Ads to steal user credentials and trick them into logging into the user’s wallet. attack, to receive transactions made from the victim’s wallet. Similarly, hackers stole $ 1.7 million worth of NFTs targeting OpenSea in February and $ 18,000 in the latest attack by Discord.
Related Reading | OpenSea has confirmed the phishing attack has affected many users, here are the facts
When the publications discovered the fraud, Etherscan temporarily blocked the interaction with third parties. In addition, Dex Tools informed its community that Coinzilla, an ad network that claims to deliver more than 1 billion impressions per month to 600 popular crypto sites, has become the source of the bag. -or phishing attacks.
Dex tool tweet;
We disable all ads until the situation is clarified by @adsbycoinzilla . Be careful and don’t sign suspicious applications in your wallet. DEXTools does not automatically ask for any permission.
Featured image from Pixabay and chart from TradingView.com