Crypto Data Aggregator Websites Targeted in New Phishing Attempts
CoinGecko and Etherscan users were targets of phishing attacks yesterday. Those on the crypto data aggregator websites were prompted to connect their MetaMask wallet to the nftapes.win website.
CoinGecko tweeted a warning to its users to be wary of any prompts asking them to connect their wallet to the site, saying that it is a scam.
Etherscan also rehashed this warning to its users, while revealing that it had disabled third-party integration into the platform immediately.
The websites have since updated their information, explaining the reason behind the attack. Investigations show that the phishing code was integrated into the ad from a popular crypto ad network, Coinzilla.
According to Coinzilla’s statement, the phishing attack lasted for less than one hour, and its team would “manually review and recreate all the creatives used by our clients” to avoid a future recurrence. It also mentioned that it would be working to identify the person behind the attack.
FrankResearcher, the director of Research at The Block, explained that the attacker “wanted to get tokens approvals or perform swaps through DEXs to their address.” Another crypto expert, Jon_HQ, expressed his surprise that the attack worked, given its simplicity.
He advised those who might have interacted with the ad to revoke access immediately. The security expert also mentioned the need to use Adblockers and move valuable NFTs from any wallet signed into the ad.
Phishing Attempts are Growing in Crypto
Phishing attacks have become quite common in the crypto space in recent months. With hackers perfecting ways to gain unauthorized access to users’ wallets, determining what is real and what is phishing has become more difficult.
Recently, Solana-based lifestyle Dapp, STEPN, was the victim of a phishing attack spotted by PeckShield. Popular crypto hardware wallet, Trezor, was also targeted in a phishing attempt that looked genuine.
Industry experts have highlighted that these hackers now use social engineering strategies for phishing attacks. Unfortunately, this makes it difficult for victims to identify such attacks until they’ve lost their assets.
What do you think about this subject? Write to us and tell us!
All the information contained on our website is published in good faith and for general information purposes only. Any action the reader takes upon the information found on our website is strictly at their own risk.