1 min read.Updated: 14 May 2022, 06:45 AM ISTLivemint
Cryptocurrencies websites reported incidents of malicious popup, prompting users to connect their MetaMask wallets to use on the site
Listen to this article
Several popular cryptocurrency data websites such as CoinGecko, Etherscan, DeFi Pulse, and others reported incidents of malicious popup, prompting users to connect their MetaMask wallets to use on the site. The wallet is a software crypto wallet that enables access on phone or via browser.
According to a CoinDesk report, the phishing attack appeared to promise a link to the Bored Ape Yacht Club project, with an ape skull logo and a (now-disabled) nftapes.win domain.
CoinGecko founder Bobby Ong told CoinDesk that they are investigating the root cause of the attack to fix the problem.
Ong assumed that the incident is caused by a malicious ad script by Coinzilla which is a crypto ad network.
Security Alert: If you are on the CoinGecko website and you are being prompted by your Metamask to connect to this site, this is a SCAM. Don't connect it. We are investigating the root cause of this issue. pic.twitter.com/7vPfTAjtiU
Last year, a security company Check Point Research identified a phishing attack that used Google ads and attempted to steal either someone's credentials or trick them into logging into the attacker's wallet so that it would receive any transactions they attempted.