Phishing attacks are getting smarter!
Apart from the recent collapse of LUNA-UST, which seems to have eclipsed all other issues, there has actually been another unfortunate event in crypto...
Last Friday, it was reported that users of crypto data websites such as Etherscan, CoinGecko, DeFi Pulse and others were greeted with a malicious pop-up prompting them to connect their MetaMask wallets to a fake domain displaying the Bored Ape Yacht Club logo.
Once users connect their wallets, scammers can get access and steal all coins/tokens stored there.
Both Etherscan and CoinGecko reported the breach and warned users against connecting wallets on their sites...
On the face of it, this might seem normal, as we all know how crowded with scammers the crypto space is: scammers who always try to take advantage of the anonymous nature of cryptocurrency to make illicit gains. However, what is really concerning this time is that they managed to set their traps on some of the most famous and trusted crypto-related sites. They didn't have to create fake sites or domains; they were able to pull their victims right from the legit sites. Many people who are already suffering from the recent decline in crypto unfortunately fell for it and lost their remaining savings, which is a horrible thing to see...
How did they manage to hack all those sites at once?
Well, according to CoinGecko:
The situation is caused by a malicious ad script by Coinzilla, a crypto ad network - we have disabled it now but there may be some delay due to CDN caching. We are monitoring the situation further. Do stay on alert and don't connect your Metamask on CoinGecko.
This means that the scammers didn't really hack CoinGecko itself; they hacked the ad company linked with CoinGecko (and other sites) in order to serve their malicious MetaMask pop-ups.
As you can see, as crypto expands, drooling scammers keep coming up with sly ways to trap their victims...
The golden rule is to get yourself a hardware wallet to store the lion's share of your crypto portfolio. But if you can't afford one, or you want to use MetaMask to interact with DeFi protocols, then please distribute your coins/tokens across multiple wallets. We all know how the saying goes: "don't put all your eggs in one basket."
Another tip is to bookmark the DEXs or DeFi protocols you usually use, to make sure that you never connect your wallet to any random sites. And always remember there is nothing "free" in the world, so any message that suddenly pops up offering you a "free NFT" or "free Bitcoin" is 99% a SCAM.
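The bookmark tip can be turned into a mechanical check on the origin that a wallet connection prompt displays. This is an added example, not code from the original post; the function names and the `.example` hosts are constructed assumptions, and it goes slightly beyond the tip by also labelling misspelled and homoglyph hosts.

```javascript
// Added example. All hosts are constructed (.example); replace with your own bookmarks.
const BOOKMARKED_HOSTS = new Set(['app.dex.example', 'lend.pool.example']);

// Levenshtein distance, used to catch one- or two-character misspellings.
function editDistance(a, b) {
  let prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    const cur = [i];
    for (let j = 1; j <= b.length; j++) {
      const subst = prev[j - 1] + (a[i - 1] === b[j - 1] ? 0 : 1);
      cur[j] = Math.min(prev[j] + 1, cur[j - 1] + 1, subst);
    }
    prev = cur;
  }
  return prev[b.length];
}

// Decide whether the origin shown in a wallet connection prompt may be trusted.
// Returns { allow, reason }; only an exact match with a bookmarked host is allowed.
function checkConnectOrigin(origin, bookmarks = BOOKMARKED_HOSTS) {
  let url;
  try {
    url = new URL(origin);
  } catch {
    return { allow: false, reason: 'invalid' };
  }
  if (url.protocol !== 'https:') return { allow: false, reason: 'insecure' };
  const host = url.hostname; // lowercased and punycode-encoded by the URL parser
  if (bookmarks.has(host)) return { allow: true, reason: 'bookmarked' };
  // Non-ASCII labels (homoglyphs) appear with an "xn--" prefix after parsing.
  if (host.split('.').some((label) => label.startsWith('xn--'))) {
    return { allow: false, reason: 'punycode' };
  }
  for (const good of bookmarks) {
    // A bookmarked name embedded in a longer host, or a near-miss spelling.
    if (host.includes(good) || editDistance(host, good) <= 2) {
      return { allow: false, reason: 'lookalike' };
    }
  }
  return { allow: false, reason: 'unknown' };
}

// Constructed origins of the kind a connection prompt might show.
for (const o of ['https://app.dex.example', 'https://app.dexx.example',
  'https://app.dex.example.claim-nft.example', 'https://free-ape-mint.example']) {
  console.log(o, checkConnectOrigin(o));
}
```

Everything except an exact bookmark match is refused; the `reason` only explains why, so an unfamiliar host is rejected even when it resembles nothing on the list.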
Please be careful and exercise extra caution with your hard-earned money, as NO ONE will compensate you if you lose any of it...
PS, Unless otherwise stated, all images in this post are either my own design or from free photo-sharing sites (e.g. pixabay.com)
Hello @qsyal
These things are impressive, cyber crooks are very cunning, unfortunately they use their intelligence to create damage and not to build.
What never ceases to amaze me is not that but that people keep falling for these things, connecting their wallets to sites they have no certainty about. It's best to stay away from those things that offer crypto gifts.
You're right, buddy...once people understand that there is NOTHING free in crypto, they already avoid 90% of scams
Thanks for reading :)
One needs to be careful and cautious in the crypto space because these scammers are getting more sophisticated by the day. The rule of thumb is "do not connect your wallet to any site you are not sure of."
Thanks for sharing buddy
You're right, and another rule of thumb is "if it's too good to be true, then it's most likely not true"
Thanks for reading :)
Security remains a huge issue in this space, and the sooner the security risk is reduced to the barest minimum, the faster and greater crypto adoption will increase?
Hello friend, scammers are certainly becoming more cunning and audacious, so we should always be wary of any site or ad that asks us to connect our wallet, we must investigate first, especially if they make an offer that seems too good.
You're absolutely right. If it is too good to be true, then it is most likely not true
Thanks for stopping by :)