CoinGecko Warns Users of ‘Suspicious Pop-Ups’ Phishing Attacks
Several popular crypto websites, including those of data aggregator CoinGecko and Ethereum block explorer Etherscan, were targeted by a large-scale phishing scam last weekend that displayed malicious pop-ups prompting users to connect their MetaMask wallets.
The scam was linked to the now deactivated domain nftapes.win, which displayed the Bored Apes Yacht Club logo in an attempt to appear legitimate. At the time of writing, it was unclear how many users were affected and how much they lost.
How the Scam Worked
According to CoinGecko, the scammers hijacked the advertising platform Coinzilla, which displays ads across a wide network of crypto-related sites, injecting malicious code that triggered the fraudulent pop-ups.
From there it was a relatively straightforward phishing scam that leveraged the trust users placed in the websites it exploited. The pop-ups prompted users to connect their MetaMask wallets, and once they did, their digital assets were immediately transferred to the scammers.
When the advertising code was identified as the root cause of the fraudulent pop-ups, it was deactivated on the CoinGecko website.
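The control a site operator would want against the chain described above, as an added example that is not code from the article, CoinGecko or MetaMask: a first-party guard that wraps the wallet provider's EIP-1193 `request` method so that only the site's own connect handler can raise a MetaMask connection prompt, while any other caller (such as script injected through an ad slot) is refused and reported to telemetry. It assumes the site's own script runs before any ad script and that the provider's `request` property is writable; `makeMockProvider` is a constructed stand-in for `window.ethereum` so the example runs offline.

```javascript
// Methods that open a wallet connection prompt. Read-only calls are not gated.
const CONNECT_METHODS = new Set(['eth_requestAccounts', 'wallet_requestPermissions']);

// Wrap provider.request in place. Returns the only sanctioned connect path,
// meant to be wired to the site's own "Connect wallet" button and never
// exposed on window, so injected ad code cannot reach it.
function installConnectGuard(provider, onBlocked) {
  const original = provider.request.bind(provider);

  provider.request = async function guardedRequest(args) {
    if (args && CONNECT_METHODS.has(args.method)) {
      // A connection prompt requested outside the first-party flow: refuse it
      // and record the caller's stack so the injection can be investigated.
      onBlocked({ method: args.method, at: new Date().toISOString(), stack: new Error().stack });
      throw new Error(`wallet connection request blocked: ${args.method}`);
    }
    return original(args);
  };

  return async function connect() {
    return original({ method: 'eth_requestAccounts' }); // bypasses the guard
  };
}

// Constructed mock standing in for window.ethereum (address is a sample value).
function makeMockProvider() {
  return {
    async request({ method }) {
      if (method === 'eth_requestAccounts') return ['0x' + 'ab'.repeat(20)];
      if (method === 'eth_chainId') return '0x1';
      throw new Error(`unsupported method ${method}`);
    },
  };
}

// Demo: an unsolicited connect request is refused and reported, while a
// read-only call and the first-party connect path both succeed.
async function demo() {
  const provider = makeMockProvider();
  const blocked = [];
  const connect = installConnectGuard(provider, (ev) => blocked.push(ev));
  let refused = false;
  try { await provider.request({ method: 'eth_requestAccounts' }); } catch { refused = true; }
  const chainId = await provider.request({ method: 'eth_chainId' });
  const accounts = await connect();
  return { refused, blockedCount: blocked.length, chainId, accounts };
}

demo().then((r) => console.log(r));
```

Legacy `send`/`sendAsync` entry points need the same wrapping, and the guard complements rather than replaces keeping ad scripts out of the first-party origin (for example by serving them in sandboxed iframes).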
Advertising Code a Serious Vulnerability
Twitter user and blockchain researcher @CryptoShine explained that this type of attack is quite common and suggested that Web3 site owners should look to move away from advertising as a primary source of revenue:
Ideally, the web3 related site owners should generate revenue through other means than just advertising
malvertising is a well-known tactic used by attackers in web2 space and can be extended to web3 space as well
8/?
— CryptoShine (@CryptoShine) May 14, 2022
Scams of this nature can cause significant losses for two reasons: by piggybacking on shared advertising code they can affect many websites at the same time, and because the malicious pop-ups appear on trustworthy websites, users are more likely to fall victim.
Similar Recent Phishing Scams
As crypto has gone more mainstream in the past 18 months, the number of phishing scams has dramatically increased. Last month alone saw MetaMask issue a security alert about a phishing scam affecting iCloud users and hardware wallet provider Trezor suffer a phishing scam that exploited its MailChimp newsletter.