May 19, 2022 In CoinGecko, Users

CoinGecko Warn Users of ‘Suspicious Pop-Ups’ Phishing Attacks

Several popular crypto websites, including those of data aggregator CoinGecko and Ethereum block explorer Etherscan, were targeted by a large-scale phishing scam last weekend that displayed malicious pop-ups prompting users to connect their MetaMask wallets.

Security Alert: If you are on the CoinGecko website and you are being prompted by your Metamask to connect to this site, this is a SCAM. Don’t connect it. We are investigating the root cause of this issue.

— CoinGecko (@coingecko) May 13, 2022

The scam was linked to the now deactivated domain, which displayed the Bored Apes Yacht Club logo in an attempt to appear legitimate. At the time of writing, it was unclear how many users were affected and how much they lost.

🚨 We’ve received reports of phishing popups via a 3rd party integration and are currently investigating.

Please be careful not to confirm any transactions that pop up on the website.

— Etherscan (@etherscan) May 13, 2022

How the Scam Worked

According to CoinGecko, the scammers hijacked the advertising platform Coinzilla, which displays ads across a wide network of crypto-related sites, injecting malicious code that triggered the fraudulent pop-ups.

From there it was a relatively straightforward phishing scam leveraging the trust of the websites they exploited. The pop-ups would prompt users to connect their MetaMask wallets, and of course once they did their digital assets were immediately transferred to the scammers.

When the advertising code was identified as the root cause of the fraudulent pop-ups, it was deactivated on the CoinGecko website.

Advertising Code a Serious Vulnerability

Twitter user and blockchain researcher @CryptoShrine explained that this type of attack is quite common and suggests that Web3 site owners should look to move away from advertising as a primary source of revenue:


Ideally, the web3 related site owners should generate revenue through other means than just advertising

malvertising is a well-known tactic used by attackers in web2 space and can be extended to web3 space as well

— CryptoShine (@CryptoShine) May 14, 2022

Scams of this nature can cause significant losses because they can affect many websites at the same time by piggybacking on the advertising code, and because the malicious pop-ups can appear on trustworthy websites it increases the likelihood of users falling victim.

Similar Recent Phishing Scams

As crypto has gone more mainstream in the past 18 months, the number of phishing scams has dramatically increased. Last month alone saw MetaMask issue a security alert about a phishing scam affecting iCloud users and hardware wallet provider Trezor suffer a phishing scam that exploited its MailChimp newsletter.

  • Scams
  • Crypto News
  • MetaMask

The content and views expressed in the articles are those of the original authors own and are not necessarily the views of Crypto News. We do actively check all our content for accuracy to help protect our readers. This article content and links to external third-parties is included for information and entertainment purposes. It is not financial advice. Please do your own research before participating.