While investigations continue, Coinzilla, an advertising agency and marketing agency, may have been compromised.
CoinGecko and Etherscan, two popular crypto analytics platforms, have issued parallel alerts against a phishing attack. After users reported unusual MetaMask popups, prompting them to connect to their crypto wallets to this website, the firms started investigating the attack.
According to the data provided by analytics firms, the latest Phishing Attack attempts to access users’ funds through requesting that they integrate their crypto wallets using MetaMask after they access the official websites.
🚨 We’ve received reports of phishing popups via a 3rd party integration and are currently investigating.— Etherscan (@etherscan) May 13, 2022
Please be careful not to confirm any transactions that pop up on the website.
Etherscan revealed that attackers were able to display phishing popups via third party integration. It advised investors not to confirm any transactions requested from MetaMask.
@Noedel19, a Crypto Twitter member, pointed out the possible source of the attack and connected the ongoing phishing attacks with the compromise of Coinzilla. This advertising and marketing agency is known for its ability to market products and services. He stated that any website that uses Coinzilla Ads will be compromised.
Below are the screenshots of an automated pop-up from MetaMask requesting to connect with the link misrepresenting itself as Bored Ape Yacht Club (BAYC), non-fungible tokens (NFT).
Cointelegraph warned readers on May 4th about an increase in Ape-themed scam phishing scams. This is further reinforced by the latest warnings from Etherscan, CoinGecko.
Although Coinzilla has not yet confirmed, @Noedel19 believes that any company that integrates with Coinzilla’s ad platform is at risk of similar attacks in which their users are presented with pop-ups for MetaMask integration.
Etherscan disabled third-party integrations on its website as a primary method of damage control.
Coinzilla has yet to respond to Cointelegraph’s request for comment.
After hackers hacked their official Instagram account, the team behind BAYC warned investors.
Cointelegraph reported that hackers gained access to the official Instagram account of BAYC on April 25. The hackers then reached out to BAYC’s Instagram users and shared links for fake airdrops.
Users who linked their MetaMask wallets with the scam website were then drained of their Ape FFTs. Unconfirmed reports indicate that around 100 NFTs were taken during the phishing attack.