CoinGecko and Etherscan users were targets of phishing attacks yesterday. Those on the crypto data aggregator websites were prompted to connect their MetaMask wallet to the website.

CoinGecko tweeted a warning to its users to be wary of any prompts asking them to connect their wallet to the site, saying that it is a scam.

Security Alert: If you are on the CoinGecko website and you are being prompted by your Metamask to connect to this site, this is a SCAM. Don't connect it. We are investigating the root cause of this issue.— CoinGecko (@coingecko) May 13, 2022

Etherscan also rehashed this warning to its users, while revealing that it had disabled third-party integration into the platform immediately. 

We’ve received reports of phishing popups via a 3rd party integration and are currently investigating. Please be careful not to confirm any transactions that pop up on the website.— Etherscan (@etherscan) May 13, 2022

The websites have since updated their information, explaining the reason behind the attack. Investigations show that the phishing code was integrated into the ad from a popular crypto ad network, Coinzilla. 

According to Coinzilla’s statement, the phishing attack lasted for less than one hour, and its team would “manually review and recreate all the creatives used by our clients” to avoid a future recurrence. It also mentioned that it would be working to identify the person behind the attack.

Below is the code that was used in today's attack through ads on crypto websites like @coingecko or @etherscanThe attacker wanted to get tokens approvals or perform swaps through DEXs to their address (it is not hardcoded, since it was pulled from API)— Igor Igamberdiev (@FrankResearcher) May 13, 2022

FrankResearcher, the director of Research at The Block, explained that the attacker “wanted to get tokens approvals or perform swaps through DEXs to their address.” Another crypto expert, Jon_HQ, expressed his surprise that the attack worked, given its simplicity. 

Major Phishing Alert The attack currently live against @etherscan @DEXToolsApp @coingecko and more is due to the use of coinzilla – a cryptoad network – more below – do not sign any requests delivered to your Metamask! Retweet for awareness please.— Jon_HQ (@Jon_HQ) May 13, 2022

He advised those who might have interacted with the ad to revoke access immediately. The security expert also mentioned the need to use Adblockers and move valuable NFTs from any wallet signed into the ad.

Phishing Attempts are Growing in Crypto

Phishing attacks have become quite common in the crypto space in recent months. With hackers perfecting ways to gain unauthorized access to users’ wallets, determining what is real and what is phishing has become more difficult. 

Recently, Solana-based lifestyle Dapp, STEPN, was the victim of a phishing attack spotted by PeckShield. Popular crypto hardware wallet, Trezor, was also targeted in a phishing attempt that looked genuine.

Industry experts have highlighted that these hackers now use social engineering strategies for phishing attacks. Unfortunately, this makes it difficult for victims to identify such attacks until they’ve lost their assets.

What do you think about this subject? Write to us and tell us!
The post Crypto Data Aggregator Websites Targeted in New Phishing Attempts appeared first on BeInCrypto.
Original Source: Be In Crypto Crypto Data Aggregator Websites Targeted in New Phishing Attempts