Crypto data aggregator CoinGecko has been hit by a malicious pop-up prompting users to connect their MetaMask wallets. The platform, which alerted users through Twitter, later added that the pop-up was caused by a malicious ad script served by Coinzilla, a crypto ad network, stating:
“We have disabled it now but there may be some delay due to CDN caching. We are monitoring the situation further. Do stay on alert and don’t connect your Metamask on CoinGecko.”
Coinzilla later came forward with a series of tweets, adding that a single campaign containing a piece of malicious code managed to pass its automated security checks before the team stopped it and locked the account.
“Our team will manually review and recreate all the creatives used by our clients. This is to remove ad codes from any 3rd party scripts. Furthermore, we will be closely working with our publishers to offer support to affected users, identify the person that was behind the attack, and act accordingly”, the tweet read.
Beyond CoinGecko, several well-known crypto sites, including Etherscan and DexTools, warned users that they were aware of illegal pop-ups appearing for visitors and advised them not to conduct any transactions through these links.
CoinGecko attack originated from a BAYC-linked domain
Reports further mentioned that the suspicious link appeared to come from a website imitating the look of the Bored Ape Yacht Club project, with an ape skull logo and a now-deactivated nftapes.win domain.
The pop-up urged users to connect MetaMask, a crypto wallet app, in order to use the site. Because of the wallet's popularity, users risk mistaking such a prompt for a legitimate one and giving it access.
MetaMask is the crypto wallet most commonly used by holders of Ethereum cryptocurrencies, with over 30 million active users as of March.
Barely a month ago, a phishing scam targeting MetaMask crypto wallet holders netted $650k. This was due to a flaw in its default settings, where the app writes the security seed phrase, which is needed for remote access, to iCloud backups.
In February 2022, OpenSea came under a $1.7 million phishing attack in which hackers exploited a planned upgrade to trick users into essentially signing a blank NFT check.