Popular crypto analytics platforms Etherscan and CoinGecko have simultaneously issued a warning about an ongoing phishing attack on their platforms. The firms began investigating the attack after numerous users reported unusual MetaMask pop-ups asking users to connect their crypto wallets to the website.
Based on the information disclosed by the analytics firms, the latest phishing attack attempts to gain access to users’ funds by requesting their crypto wallet integration via MetaMask once they access the official websites.
Etherscan further revealed that the attackers managed to display phishing pop-ups via third-party integration and advised investors not to confirm transactions requested by MetaMask.
a member of Crypto Twitter, pointed out the possible cause of the attack and linked the ongoing phishing attacks to the compromise of Coinzilla, an advertising and marketing agency, stating: “Any website using Coinzilla Ads, is compromised.”
The screenshots shared below show MetaMask’s automated pop-up asking you to connect to the link incorrectly presented as a Bored Ape Yacht Club (BAYC) Non-Fungible Token (NFT) offering.
As Cointelegraph reported on April 25, hackers were able to gain access to BAYC’s official Instagram account. The hackers then contacted BAYC’s Instagram followers and shared links to fake airdrops.
Users who connected their MetaMask wallets to the scam website subsequently had their Ape NFTs revoked. Unconfirmed Reports recommend that around 100 NFTs were stolen during the phishing attack.