On the night of Friday to Saturday, it became known that several platforms related to cryptocurrencies were subjected to various kinds of attacks that could compromise the security of their users’ data, and then, possibly, their funds. This situation affected CoinGecko, Etherscan and QuickSwap.
In the case of CoinGecko and Etherscan, the phishing attack occurred via a pop-up notification when entering these portals. The post suggested connecting the MetaMask wallet to nftapes.win, an ad that is not normally displayed on these sites.
Both platforms said the initial issue was related to Coinzilla, the advertising service used by those sites. In a post posted on his twitter accountCoinzilla said the issue was caused by malicious code in an ad campaign that bypassed the site’s automatic security checks.
We have added additional checks to ensure the safety of users who see our ads.
To clarify what happened:
One campaign containing a piece of malicious code was able to pass our automated security checks.
—Coinzilla (@adsbycoinzilla) May 14, 2022
“It worked for less than an hour before our team disabled it and banned the account.” added the advertising service, which also pledged to ensure that the code in question is removed from all third-party scripts, to help those affected and to investigate those responsible for the attack.
They did not acknowledge or deny that any users were affected.
Although the affected platforms released statements with additional details on Twitter, they did not acknowledge or deny that users lost funds as a result of the attack. This article will be updated as new information becomes available on this subject.
Update: The situation is caused by a malicious ad script from Coinzilla, a crypto ad network – we have disabled it now, but there may be some delay due to CDN caching. We are monitoring the situation further. Be careful not to connect your metamask to CoinGecko. https://t.co/NY0ppKecIG
— CoinGecko (@coingecko) May 13, 2022
This is reported by CoinGecko in his Twitter account. that this is an attackcurrently disabled, but there may be some delay due to CDN caching“. “We are monitoring the situation more closely. Be vigilant and do not connect your MetaMask to CoinGecko“, they added.
2/ Integration with CoinZilla was disabled immediately after receiving the warning. Later, Coinzilla also informed us that they fixed this issue on their side. We have been monitoring the situation since then, there have been no new reports.
— Eterscan (@etherscan) May 14, 2022
As for Etherscan, the announcement was similar, on the same social network. “Integration with CoinZilla was disabled immediately after receiving the warning. Later, Coinzilla also informed us that they fixed this issue on their end. Since then, we have been monitoring the situation, no new messages have been received.“, they wrote from an Ethereum network block explorer account.
We are disabling all ads until the situation is clarified by @adsbycoinzilla . Please be aware and don't sign suspicious requests at your wallet. DEXTools does not automatically request any permissions. 🚨🚨 https://t.co/gC7Oebkj0R
— DEXTools (@DEXToolsApp) May 13, 2022
Another platform affected was DexTools, a decentralized finance (DeFi) application for decentralized exchanges. In a tweetthey also blamed Coinzilla for the problem and asked:to be careful not to sign suspicious requests in your wallet, DEXTools does not automatically ask for permission“.
Quickswap is also compromised
The decentralized exchange, or DEX Quickswap, was also the victim of a security breach that was reported early on Saturday, May 14th. According to the platform’s official Twitter account, the Quickswap domain provided and hosted by GoDaddy was “abstract“.
This prevented the safe exchange of cryptocurrency (swap) on the platform. At the time of this writing, the site is still “under maintenance” and its services cannot be used directly.
“Funds in LP, Dragon’s Lair, Syrup Pools and wallets are safe“, – the protocol clarified in its message. As in previous cases, Quickswap did not report any losses that its users may have suffered as a result of this situation.
The use of DEXs has increased since last year, and they are even gradually replacing centralized exchanges. According to dappradar.com, Quickswap is one of the top 5 exchanges in the world in terms of trading volume in this growing category, so thousands of users could be affected by a vulnerability in its functionality.
Pin up Hide table of contents