The well-known crypto analytics platforms Etherscan and CoinGecko have raised the alarm over an ongoing phishing attack on their sites. The companies began investigating after numerous reports of unusual MetaMask pop-ups prompting users to connect their crypto wallets to the website.
Security Alert: If you are on the CoinGecko website and you are being prompted by your Metamask to connect to this site, this is a SCAM. Don’t connect it. We are investigating the root cause of this issue. pic.twitter.com/7vPfTAjtiU
— CoinGecko (@coingecko) May 13, 2022
Etherscan also revealed that attackers managed to display phishing pop-ups via a third-party integration. The company advises investors to refrain from confirming any transactions requested by MetaMask.
We’ve received reports of phishing popups via a 3rd party integration and are currently investigating.
Please be careful not to confirm any transactions that pop up on the website.
— Etherscan (@etherscan) May 13, 2022
Pointing to the possible cause of the attack, Crypto Twitter member @Noedel19 linked the ongoing phishing attacks to the compromise of Coinzilla, an advertising and marketing agency, stating that “any website that uses Coinzilla Ads has been compromised”.
The screenshots shared below show the MetaMask pop-up automatically prompting users to connect to a link presented as a Bored Ape Yacht Club (BAYC) non-fungible token (NFT) offering.
On May 4, Cointelegraph warned readers about an increase in phishing scams using Bored Ape-themed airdrops, a trend further confirmed by the latest warnings issued by Etherscan and CoinGecko.
While an official confirmation from Coinzilla is still awaited, @Noedel19 suspects that all companies that have an advertising integration with Coinzilla are at risk of similar phishing attacks.
To limit the damage, Etherscan has disabled the compromised third-party integration on its website.
Within hours of this development, Coinzilla told Cointelegraph that the problem had been identified and fixed, clarifying that its services had not been compromised:
“A single campaign containing a malicious code snippet managed to pass our automated security checks. It ran for less than an hour before our team blocked it, deleting the account.”
While stressing that no advertiser or editor is directly at fault, Coinzilla revealed its intention to go on the offensive, stating:
“An ad code was inserted from an external source via an HTML5 banner. We will work closely with our editors to offer support to affected users, identify the perpetrator and act accordingly.”
The team behind BAYC also recently warned investors of an attack involving their official Instagram account.
There is no mint going on today. It looks like BAYC Instagram was hacked. Do not mint anything, click links, or link your wallet to anything.
— Bored Ape Yacht Club (@BoredApeYC) April 25, 2022
As Cointelegraph reported on April 25, the hackers managed to access BAYC’s official Instagram account. The hackers then reached out to BAYC followers on Instagram by sharing links to fake airdrops.
Unsuspecting users who connected their MetaMask wallets to the phishing site had their Ape NFTs stolen. According to unconfirmed reports, about 100 NFTs were stolen during the phishing attack.