Cryptocurrency owners have been warned once again to be on their guard against scammers following the detection of a new phishing attack.
Visitors to several popular cryptocurrency websites, including Etherscan, CoinGecko, and DexTools, encounter suspicious pop-ups.
The attack appears to target those who own MetaMask cryptocurrency wallets, which allow users to access their cryptocurrencies on their mobile device or in a browser, and uses the logo of the notorious Bored Ape Yacht Club group to try to prove its legitimacy.
Along with the Bored Ape logo, the pop-up asks the victim to "log in with MetaMask" in an attempt to trick them into thinking the ad is a legitimate part of the site. Their goal is to direct victims to a malicious domain that would see a user's crypto wallet depleted with no hope of recovery.
Affected sites quickly took action, with Etherscan claiming to have disabled third-party integrations on its website and warning users not to confirm any transactions that appeared in a pop-up window.
CoinGecko said that it identified Coinzilla, an industry advertising network, as the source of the malicious pop-up and removed it from its site as well.
The news is the latest in a long line of scams and fraudulent attacks targeting crypto owners, now numbering in the tens of millions.
In March 2022, ESET discovered a scam campaign that used malicious apps distributed through fake websites to steal Bitcoins and other cryptocurrencies from unsuspecting users.
Malicious apps mimicked popular cryptocurrency wallets including Metamask, Coinbase, Trust Wallet, TokenPocket, Bitpie, imToken, and OneKey, and scammers even placed ads on legitimate websites with misleading articles to promote fake websites distributing the wallet apps. imitated.
Earlier this year, hundreds of millions of dollars worth of cryptocurrency was also stolen from the Ronin network, which provides the “blockchain bridge” that powers the NFT game Axie Infinity.
Via CoinDesk