Phishing Attack Popup Targets MetaMask Users Visiting Popular Crypto Sites

As if this week wasn’t bad enough for many cryptocurrency owners, with stablecoins crashing and Coinbase going down at a particularly bad time, they are now reportedly the target of another phishing attack. As reported by CoinDesk and The block cryptosites included ether scan† CoinGekkoand DexTools all warned users that they were aware of suspicious pop-ups that appeared to visitors, and advised them not to confirm transactions based on pop-ups.

Like many recent phishing attacks, this one seemed to promise a link to the Bored Ape Yacht Club project, with a monkey skull logo and a (now disabled) nftapes.win domain. It asked users to connect their MetaMask wallet (a software cryptocurrency wallet that allows access on your phone or through a browser extension) to use on the site, and since it appeared on domains that many people trust and use every day , they may have fell for it and gave it access.

Last November, security firm Check Point Research identified a phishing attack that used Google ads that either attempted to steal someone’s credentials or trick them into logging into the attacker’s wallet so that they would receive all the transactions they attempted. In February, a phishing attack stole $1.7 million in NFTs from OpenSea users, while a more recent attempt via Discord netted just $18,000 in tokens.

Etherscan said it has disabled third-party integration for the time being. A tweet from CoinGekko identified the source of the malicious pop-up as Coinzilla, an industrial advertising network that told customers it could deliver more than 1 billion impressions per month on more than 600 reputable sites popular with crypto enthusiasts.