Cybersecurity agency Peckshield has reported that cybercriminals have flooded the internet with phishing sites of gaming project Stepn to steal users’ sid phrases.
Blockchain security experts at Peckshield reported on Twitter that fraudsters have been creating pages that mimic the popular site. Experts explained that attackers place a fake MetaMask plugin in the browser, which steals sido phrases from unsuspecting Stepn users.
Once the sido phrase is stolen, hackers gain full control of the user’s wallet and then withdraw the assets to their wallets. The cybersecurity agency has urged Stepn users to contact support as soon as possible if they find anything suspicious in their accounts.
Some customers have already said that they have encountered problems.
Stepn themselves have not yet had any comment on the Peckshield claim – despite the fact that the phishing notice came nearly 20 hours after the cryptocurrency community completed a discussion about the hacking attacks on Peckshield’s Twitter audio room.
Stepn is a Solana-based gaming platform in which gamers buy trainers with non-exchangeable tokens (NFTs) to start playing. The app tracks users’ movements via GPS on their mobile phones and gives them in-game Green Satoshi tokens (GST).
Last week, ConsenSys, the company behind the popular cryptocurrency wallet MetaMask, sent out a warning to users about the dangers of storing data in Apple iCloud due to the possibility of phishing. The fact is that with default settings, Apple devices, including iPhones, iPads and Macs, store “password-protected MetaMask storage” in the cloud service iCloud. If attackers can gain access to the service via phishing and the wallet password is not strong enough, users risk losing all funds.