While investigations are underway, the continued attack on numerous crypto platforms is also connected to the compromise of Coinzilla, an advertising and marketing agency. 


Popular crypto analytics platforms Etherscan and CoinGecko have parallelly issued an alert against an in progress phishing attack on their platforms. The firms began investigating the attack once numerous users reported unusual MetaMask pop-ups prompting users to attach their crypto wallets to the web site.  

Based on the information disclosed by the analytics firms, the newest phishing attack attempts to realize access to users’ funds by requesting to integrate their crypto wallets via MetaMask once they access the official websites. 

Etherscan further revealed that the attackers have managed to show phishing pop-ups via third-party integration and advised investors to refrain from confirming any transactions requested by MetaMask. 

Pointing toward the potential reason behind the attack, Noedel19, a member of Crypto Twitter, connected the continuing phishing attacks to the compromise of Coinzilla, an advertising and promoting agency, stating that “Any web site that makes use of Coinzilla Ads are compromised.” 


The screenshots shared below show the automatic pop-up from MetaMask asking to connect with the link incorrectly portraying as Bored Ape Yacht Club’s (BAYC) non-fungible token (NFT) providing. 

On May 4, Cointelegraph more warned readers regarding the increase in Ape-themed delivery phishing scams, that is more cemented by the latest warnings issued by Etherscan and CoinGecko. 

While an official confirmation from Coinzilla continues to be current, Noedel19 suspects that each one companies that have ad integration with Coinzilla stay in danger of similar attacks whereby their users get pop-ups for MetaMask integration. 

As a primary means that of damage management, Etherscan has disabled the compromised third-party integration on its web site. 

Within hours of the higher than development, Coinzilla disclosed to Cointelegraph that the difficulty was known and resolved, and processed that the services weren't compromised: 

“A single campaign containing a piece of malicious code has managed to pass our automated security checks. It ran for less than an hour before our team stopped it and locked the account.”

While highlighting that no advertiser or publisher was guilty, Coinzilla revealed plans of going on the offensive, stating:  

“An ad code was inserted from an external source via an HTML5 banner. We will be closely working with our publishers to offer support to affected users, identify the person that was behind the attack, and act accordingly.”

( Arijit Sarkar, Cointelegraph, 2022 )