– On May 14, 2022, dozens of cryptocurrency websites, including major Ethereum explorer Etherscan, QuickSwap DeFi, CoinGecko analytics dashboard, DexTool hub and so on, faced a massive phishing attack.
– While visiting the websites, users were asked to authorize a transaction through their noncustodial wallets. The scammers offered to take part in a fake NFT giveaway.
– The scammers’ domain impersonated Bored Apes Yacht Club (BAYC), the most expensive non-fungible token collection. Right now, the BAYC floor price inches closer to $200,000, but the scammers offered the “apes” for free.
– The attack was carried out via Coinzilla, a popular crypto-centric advertising network. As a result, only users of modern ad-blocking services were safe.
– The signature itself was not malicious; victims were asked to sign another transaction required to transfer Ethereum (ETH), Binance Coins (BNB), Crypto.com Coins (CRO) or Fantom (FTM).
– The attack was mitigated less than one hour after it was revealed by DeFi enthusiasts.
– The exact amount of funds stolen is yet to be evaluated.