Popular cryptocurrency site CoinGecko and service Etherscan reported that users were complaining about a phishing attack. It turned out that the attack is happening through a third-party ad script.
On Twitter, CoinGecko and Etherscan reported that visitors to the sites were being asked to connect their wallet to a site called “nftapes.win”. Both services warned that this was a phishing attack and scam, and urged users to never connect their wallets to this site.
It later turned out that the phishing attack was carried out through Coinzilla, an advertising network specialising in cryptocurrencies. The CoinGecko news site stressed that the ad network’s integration had been disabled:
“We have disabled the Coinzilla ad script, but users may still have it running for a while due to caching delays in CDNs. We will continue to monitor the situation. Stay vigilant at all times and do not connect your Metamask wallet to our website.”
In early May, Malwarebytes Labs, a blockchain security company, reported that with the growing popularity of NFT, scammers are increasingly using the free distribution of non-exchangeable tokens to obtain sido tags from users’ wallets.