Several websites, including CoinGecko and Etherscan, were hit by a phishing attack aimed at tricking their users. The incident took place over the weekend and serves as a reminder of the need for vigilance in our ecosystem.
Sites like CoinGecko and Etherscan used for phishing
On Friday night, several cryptocurrency analytics websites, such as CoinGecko and Etherscan, were victims of a phishing attack.
A fraudulent advertisement on these platforms opened the user's MetaMask wallet, just as happens when visiting a decentralised finance (DeFi) application.
Potential victims were then prompted to sign a malicious transaction, having been led to believe they had won a Bored Ape Yacht Club (BAYC) franchise reward:
Security Alert: If you are on the CoinGecko website and you are being prompted by your Metamask to connect to this site, this is a SCAM. Don’t connect it. We are investigating the root cause of this issue. pic.twitter.com/7vPfTAjtiU
– CoinGecko (@coingecko) May 13, 2022
The flaw came from the services provided by the advertising company Coinzilla. The attacker reportedly embedded their code directly in one of the campaigns, so that it would affect every site on which the campaign was displayed. According to the company, the problem was identified and fixed within an hour:
“A single campaign containing a piece of malicious code managed to pass our automated security checks. It ran for less than an hour before our team stopped it and locked the account.”
Obviously, this was not about any reward, but rather about authorising a smart contract whose purpose was to empty the victims’ digital wallets, as evidenced by the code analysed by this Twitter user:
Below is the code that was used in today’s attack through ads on crypto websites like @coingecko or @etherscan
The attacker wanted to get tokens approvals or perform swaps through DEXs to their address (it is not hardcoded, since it was pulled from API) https://t.co/cprOjdaxnG pic.twitter.com/3NyRhEtHwk
– Igor Igamberdiev (@FrankResearcher) May 13, 2022
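To make the approval mechanism described above concrete, the following added example (not code from the article, from the attack, or from any party named here) decodes the `data` field of a transaction request to show whether it is a token approval and which address would receive it. The function name, verdict labels and sample spender address are assumptions made for illustration; the selectors are those of the standard `approve` and `setApprovalForAll` functions and of OpenZeppelin's `increaseAllowance`.

```javascript
// Calls that give a third party control over the signer's tokens.
const APPROVAL_SELECTORS = {
  "095ea7b3": { name: "approve(address,uint256)", flag: false },
  "39509351": { name: "increaseAllowance(address,uint256)", flag: false },
  "a22cb465": { name: "setApprovalForAll(address,bool)", flag: true },
};
const MAX_UINT256 = (1n << 256n) - 1n;

// Constructed sample: approve(spender, 2^256 - 1) for a made-up spender address.
const SAMPLE_SPENDER = "0x" + "11".repeat(20);
const SAMPLE_UNLIMITED_APPROVE =
  "0x095ea7b3" + SAMPLE_SPENDER.slice(2).padStart(64, "0") + "f".repeat(64);

// Inspect the calldata of a pending transaction request before it is signed.
// knownSpenders is a hypothetical allow-list of contracts the user already trusts.
function inspectCalldata(data, knownSpenders = []) {
  const hex = String(data).toLowerCase().replace(/^0x/, "");
  if (!/^[0-9a-f]*$/.test(hex) || hex.length < 8) {
    return { approval: false, reason: "no function selector" };
  }
  const entry = APPROVAL_SELECTORS[hex.slice(0, 8)];
  if (!entry) return { approval: false, reason: "not an approval call" };

  const args = hex.slice(8);
  if (args.length < 128) {
    return { approval: true, function: entry.name, verdict: "malformed" };
  }
  // Each ABI argument is a 32-byte word; an address is its low 20 bytes.
  const spender = "0x" + args.slice(24, 64);
  const value = BigInt("0x" + args.slice(64, 128));
  // For setApprovalForAll any non-zero flag covers every token in the collection.
  const unlimited = entry.flag ? value !== 0n : value === MAX_UINT256;
  const known = knownSpenders.map((a) => a.toLowerCase()).includes(spender);

  let verdict = "unknown-spender"; // approval to an address the user never vetted
  if (value === 0n) verdict = "revoke"; // zero amount / false flag removes access
  else if (known) verdict = "known-spender";
  return { approval: true, function: entry.name, spender, value, unlimited, verdict };
}

console.log(inspectCalldata(SAMPLE_UNLIMITED_APPROVE));
```

An "unknown-spender" verdict on a request that appeared while browsing an analytics site, as in this incident, is the case to reject.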
Good habits to keep in mind
The ingenuity of this phishing attempt on CoinGecko and Etherscan is a reminder of the dangers that investors in the cryptocurrency world can sometimes face. In this case, the attack was aimed, as it often is, at manipulating the emotions of the target in order to make them act in haste.
Here, the very popular BAYC brand was used as bait. However, the fact that MetaMask opened in a situation where it should not have is in itself a reason for distrust. If the reward had been legitimate, there is no doubt that the various actors involved would have announced the news on their own social networks.
Other attack vectors can also be used, particularly email, as demonstrated by a recent fraudulent campaign targeting Trezor hardware wallet owners.
While we don’t know if there were any victims in this attack, it does show that vigilance and critical thinking are of paramount importance in the world of blockchain and cryptocurrencies.