Phishing Attack Targets MetaMask Users Through Suspicious Popups

Phishing targets MetaMask users (Photo: CoinGecko)

JAKARTA - CoinDesk and athe Block Crypto reported that the Etherscan, CoinGecko, and DexTools sites warned their users about a phishing attack on Saturday.

The three sites were aware of suspicious popups that appeared for visitors. They suggest not to confirm any transactions based on the popup earlier.

“Security Warning: If you are on the CoinGecko website and you are prompted by your Metamask to connect to this site, this is a FRAUD scam. Do not connect. We are investigating the root cause of this issue,” CoinGecko wrote on Twitter.

Update: The situation is caused by a malicious ad script by Coinzilla, a crypto ad network - we have disabled it now but there may be some delay due to CDN caching. We are monitoring the situation further. Do stay on alert and don't connect your Metamask on CoinGecko. https://t.co/NY0ppKecIG

— CoinGecko (@coingecko) May 13, 2022

A few hours after the first announcement, CoinGecko again updated the phishing developments on its site.

Update: The situation is caused by malicious scripts by Coinzilla, a crypto ad network - we have a flaw now but there may be some delays due to a sick CDN. We are monitoring the situation further. Do not stay alert and do not link your Metamask on CoinGecko.

In November, security firm Check Point Research identified a phishing attack using Google Ads that tried to steal someone's credentials or trick them into getting into an attacker's wallet so that the wallet would accept any transaction they attempted.

In February, a phishing attack stole $1.7 million worth of NFT from OpenSea users, while a more recent attempt via Discord only earned $18,000 worth of tokens.

Additionally, Etherscan also says they have disabled third-party integrations for now.

Interim we've taken immediate action to disable the said 3rd party integration on Etherscan.

— Etherscan (@etherscan) May 13, 2022