The firms reportedly began investigating the attack after numerous users reported unusual MetaMask pop-ups prompting them to connect their crypto wallets to the website.
Based on the information disclosed by the analytics firms, the latest phishing attack attempts to gain access to users’ funds by prompting them to connect their crypto wallets via MetaMask once they access the official websites.
“Security Alert: If you are on the CoinGecko website and you are being prompted by your Metamask to connect to this site, this is a SCAM. Don't connect it. We are investigating the root cause of this issue.”
According to the report, Etherscan further revealed that the attackers managed to display phishing pop-ups via a third-party integration, and it advised investors to refrain from confirming any transactions requested by MetaMask.
Pointing toward the possible cause of the attack, Noedel19, a member of Crypto Twitter, connected the ongoing phishing attacks to the compromise of Coinzilla, an advertising and marketing agency, stating that “Any website that makes use of Coinzilla Ads are compromised.”
While official confirmation from Coinzilla is still pending, Noedel19 suspects that all companies with Coinzilla ad integrations remain at risk of similar attacks, in which their users receive pop-ups requesting MetaMask integration. As a primary means of damage control, Etherscan has disabled the compromised third-party integration on its website.
“A single campaign containing a piece of malicious code has managed to pass our automated security checks. It ran for less than an hour before our team stopped it and locked the account.”
“An ad code was inserted from an external source via an HTML5 banner. We will be closely working with our publishers to offer support to affected users, identify the person that was behind the attack, and act accordingly.”
Moreover, the team behind BAYC recently warned investors about an attack after hackers breached its official Instagram account. As reported on April 25, the hackers gained access to the account, then contacted BAYC’s Instagram followers and shared links to fake airdrops.
Users who connected their MetaMask wallets to the scam website subsequently had their Ape NFTs drained. Unconfirmed reports suggest that approximately 100 NFTs were stolen during the phishing attack.