Skip to main content

Dangerous phishing pop-ups appear across major crypto websites

Representational image depecting cybersecurity protection
(Image credit: Shutterstock)

Cryptocurrency owners have once again been warned to be on their guard against scammers following the detection of a new phishing attack.

Visitors to a number of popular cryptocurrency websites, including the likes of Etherscan, CoinGecko and DexTools, are being confronted with suspicious popups.

The attack seems to be targeting those with MetaMask cryptocurrency wallets, which allows users to access their crypto holdings on their mobile device or in a browser, and uses the logo of the notorious Bored Ape Yacht Club group to try and prove its legitimacy.

Share your thoughts on Cybersecurity and get a free copy of the Hacker's Manual 2022 (opens in new tab). Help us find how businesses are preparing for the post-Covid world and the implications of these activities on their cybersecurity plans. Enter your email at the end of this survey (opens in new tab) to get the bookazine, worth $10.99/£10.99.

MetaMask scam

Along with the Bored Ape logo, the popup asks the victim to "Connect with MetaMask" in an attempt to trick them into thinking the ad is a legitimate part of the site. It aims to direct victims to a malicious domain which would see a user's crypto wallet drained with no hope of recovery.

The affected sites have been quick to take action, with Etherscan saying it has disabled third-party integrations on its website, and warning users not to confirm any transactions that appear in a popup. 

CoinGecko said it had identified Coinzilla, an industry advertising network, as the source of the malicious popup, and had also removed it from its site.

The news is the latest in a long series of scams and fraud attacks targeting crypto owners, of which there are now tens of millions.

Back in March 2022, ESET uncovered a scam campaign that used malicious apps distributed through fake websites in order to steal Bitcoin and other cryptocurrencies (opens in new tab) from unsuspecting users. 

The malicious apps mimicked popular cryptocurrency wallets including Metamask, Coinbase, Trust Wallet, TokenPocket, Bitpie, imToken and OneKey, and the fraudsters even placed ads on legitimate websites with misleading articles to promote the fake websites that distributed the copycat wallet apps.

Earlier this year, hundreds of millions of dollars in cryptocurrency was also stolen from the Ronin Network (opens in new tab), which provides the "blockchain bridge" that powers NFT game Axie Infinity.

Via CoinDesk (opens in new tab)

Mike Moore is Deputy Editor at TechRadar Pro. He has worked as a B2B and B2C tech journalist for nearly a decade, including at one of the UK's leading national newspapers and fellow Future title ITProPortal, and when he's not keeping track of all the latest enterprise and workplace trends, can most likely be found watching, following or taking part in some kind of sport.