When these cybercriminals get the seed phrase, they gain full control over the STEPN user’s control panel.
Peckshield, a well-known blockchain security company, reported on Monday the existence of numerous phishing websites targeting the Web3 lifestyle app STEPN. According to Peckshield, the hackers are planting a fake MetaMask browser plugin that allows them to steal seed phrases from unsuspecting STEPN users.
When these cybercriminals obtain a seed phrase, they gain full control of the STEPN user’s control panel, where they can connect the stolen wallets to their own or “demand” a freebie, according to Peckshield.
Peckshield urged STEPN users to contact support as soon as possible if they encounter anything suspicious on their accounts. Some customers have encountered issues, reported them to support, and had them resolved.
I had the exact same issue but it was resolved within minutes when I contacted the support team using the link below. Try it, my friend! https://t.co/l36cJerNm2
— Christian Ronaldo (@christianronal24) April 25, 2022
However, STEPN has not yet officially commented on this. The phishing notification came almost 20 hours after the Web3 lifestyle app ended its Twitter AMA session. Peckshield is a popular Twitter account where the cryptocurrency community can find out about hacks or phishing scams.
STEPN is a game based on Solana where players buy sneakers with non-fungible tokens (NFTs) to start playing. The app tracks users’ movements via GPS on their mobile phones and gives them in-game tokens called Green Satoshi Tokens (GST). These coins can then be exchanged for USD Coin (USDC) or Solana (SOL), allowing users to withdraw funds.
Phishing attacks, scams, and protocol exploits are becoming more prevalent in the cryptocurrency industry as decentralized finance (DeFi) and non-fungible tokens (NFTs) become popular. These types of attacks are not new, but they are constantly evolving to exploit users in different ways.
Last month, the Ronin Bridge on Axie Infinity was attacked, resulting in the theft of more than $600 million in Ether (ETH) and USD Coin (USDC). As Cointelegraph recently reported, an attacker stumbled across the finish line in a cryptocurrency heist that went awry, leaving over $1 million in stolen cryptocurrency. Earlier this year, $80 million in crypto was stolen from Qubit Finance when hackers tricked the protocol into saying they had posted a pledge that would allow them to create an intermediate currency.