Dangerous phishing pop-ups appear across major crypto websites

MetaMask users targeted visiting crypto sites

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Cryptocurrency owners have once again been warned to be on their guard against scammers following the detection of a new phishing attack.

Visitors to a number of popular cryptocurrency websites, including the likes of Etherscan, CoinGecko and DexTools, are being confronted with suspicious popups.

The attack seems to be targeting those with MetaMaskcryptocurrency wallets, which allows users to access their crypto holdings on their mobile device or in abrowser, and uses the logo of the notorious Bored Ape Yacht Club group to try and prove its legitimacy.

Share your thoughts on Cybersecurity and get a free copy of the Hacker’s Manual 2022. Help us find how businesses are preparing for the post-Covid world and the implications of these activities on their cybersecurity plans. Enter your email at theend of this surveyto get the bookazine, worth $10.99/£10.99.

MetaMask scam

Along with the Bored Ape logo, the popup asks the victim to “Connect with MetaMask” in an attempt to trick them into thinking the ad is a legitimate part of the site. It aims to direct victims to a malicious domain which would see a user’s crypto wallet drained with no hope of recovery.

The affected sites have been quick to take action, with Etherscan saying it has disabled third-party integrations on its website, and warning users not to confirm any transactions that appear in a popup.

CoinGecko said it had identified Coinzilla, an industry advertising network, as the source of the malicious popup, and had also removed it from its site.

FBI says North Korean Lazarus group was behind huge crypto theft>2FA compromise led to Crypto.com hack>There’s been yet another massive crypto heist

The news is the latest in a long series of scams and fraud attacks targeting crypto owners, of which there are now tens of millions.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Back in March 2022, ESET uncovered a scam campaign that used malicious apps distributed through fake websites in order tosteal Bitcoin and other cryptocurrenciesfrom unsuspecting users.

The malicious apps mimicked popular cryptocurrency wallets including Metamask, Coinbase, Trust Wallet, TokenPocket, Bitpie, imToken and OneKey, and the fraudsters even placed ads on legitimate websites with misleading articles to promote the fake websites that distributed the copycat wallet apps.

Earlier this year, hundreds of millions of dollars in cryptocurrency was alsostolen from the Ronin Network, which provides the “blockchain bridge” that powers NFT game Axie Infinity.

ViaCoinDesk

Mike Moore is Deputy Editor at TechRadar Pro. He has worked as a B2B and B2C tech journalist for nearly a decade, including at one of the UK’s leading national newspapers and fellow Future title ITProPortal, and when he’s not keeping track of all the latest enterprise and workplace trends, can most likely be found watching, following or taking part in some kind of sport.

This new phishing strategy utilizes GitHub comments to distribute malware

Should your VPN always be on?

NYT Strands today — hints, answers and spangram for Sunday, November 10 (game #252)