While the investigation is still underway, the ongoing attack on various crypto platforms could be linked to the compromise of Coinzilla, an advertising and marketing agency.
Popular crypto analytics platforms Etherscan and CoinGecko simultaneously issued an alert about an ongoing phishing attack on their platforms. The companies began investigating the attack after numerous users reported unusual MetaMask pop-ups asking them to connect their cryptocurrency wallets to the website.
According to the analytics companies, the latest phishing attack attempts to access users’ funds by asking them to connect their crypto wallets via MetaMask after they log in to the official websites.
Etherscan also reported that the attackers were able to display phishing pop-ups using a third-party integration and advised investors not to confirm transactions requested by MetaMask.
Noting the possible cause of the attack, Noedel19, a member of Crypto Twitter, linked the ongoing phishing attacks to the compromise of Coinzilla, an advertising and marketing agency, stating that “every website that uses Coinzilla Ads is compromised”.
Compromised CoinZilla source code with phishing link. Source: @Noedel19
The screenshots below show an automated MetaMask pop-up asking the user to connect through a link that falsely presents itself as a non-fungible token (NFT) offering from the Bored Ape Yacht Club (BAYC).
CoinGecko website shows fake MetaMask popup. Source: @Noedel19
On May 4, Cointelegraph additionally warned readers about the rise in Ape-themed phishing airdrops, further supported by the latest alerts from Etherscan and CoinGecko.
Although official confirmation has not yet been received from Coinzilla, Noedel19 suspects that all companies that have advertising integration with Coinzilla are still at risk of similar attacks if their users receive MetaMask integration pop-ups.
As a primary defense, Etherscan has disabled the compromised third-party integration on its website.
Within hours of the above event, Coinzilla informed Cointelegraph that the issue had been identified and fixed, and clarified that the services had not been compromised:
“The only campaign that contained malicious code passed our automated security checks. It was running for less than an hour before our team stopped it and suspended the account.”
Stressing that no advertiser or publisher is to blame, Coinzilla revealed plans to go on the offensive, stating:
“The ad code was inserted from an external source via an HTML5 banner. We will be working closely with our publishers to offer support to affected users, identify the individual behind the attack and act accordingly.”
The BAYC team recently alerted investors to an attack after hackers broke into their official Instagram accounts.
As Cointelegraph reported on April 25, hackers managed to gain access to BAYC’s official Instagram account. The hackers then contacted BAYC’s Instagram followers and shared links to fake airdrops.
Users who connected their MetaMask wallets to the fraudulent website subsequently lost their Ape NFTs. According to unconfirmed reports, around 100 NFTs were stolen during the phishing attack.