Phishing attack targets MetaMask users on popular crypto data sites
At the end of a truly awful week that saw the world's third-largest stablecoin crash, America's largest exchange Coinbase suffer an outage again, and crypto markets lose $400 billion, reports surfaced of an apparent phishing attack targeting users of popular crypto data sites like Etherscan and CoinGecko on Late Friday afternoon.
Etherscan and CoinGecko have both issued warnings about an ongoing phishing attack on their platforms. On May 14, CoinGecko posted a notice stating that the attack from crypto ad network Coinzilla was caused by a malicious ad script. It was disabled, and users were warned not to connect their MetaMask wallets to the data analytics portal.
The phishing attack appears to be coming from a domain with the Bored Ape Yacht Club logo on it; No one is surprised! The site associated with the domain appeared to be taken down. According to a WHOIS lookup, the domain was registered around 3 p.m. ET on Friday. It prompted users to connect their MetaMask wallets to use on the site, and because it appeared on domains that many people trust and use on a daily basis, they may have fallen for it and granted it access.
Etherscan, a popular Ethereum blockchain tracker, warned that "we've received reports of phishing popups via a 3rd party integration and are currently investigating. Please be careful not to confirm any transactions that pop up on the website."
Another cryptocurrency-based app website, DexTools, was also compromised. "We are disabling all ads until the situation is clarified by @adsbycoinzilla," it said before cautioning, "please be aware and don't sign suspicious requests at your wallet."
Crypto Phishing Attacks are on the rise at the moment. Check Point Research discovered a phishing attack last November that used Google Ads to either steal someone's credentials or trick them into logging into the attacker's wallet so that it could receive any transactions they attempted.
Another phishing attack targeted NFT marketplace OpenSea in February, resulting in the theft of $1.7 million in NFTs from platform users.
MetaMask users have also been targeted with scam emails disguised as verification requests from the crypto wallet.
Furthermore, following a major security breach on company servers in 2020, the French hardware wallet firm Ledger customers have been inundated with phishing emails and scams.
Terra co-creator Do Kwon says he's 'heartbroken' over Terra collapse
The Terra co-creator Do Kwon has been unusually quiet in recent days as the network has devolved into chaos. He returned to Twitter for the first time in two days today, hours after proposing a "Terra ecosystem revival plan" to the network's research forum to express sadness for how things have turned out.
Kwon, the founder of Terraform Labs and the creator of the LUNA governance token, TerraUSD stablecoin, and other cryptocurrencies, stated that he spent the last several days calling various community members about the tokens losing all of their value. Luna, which was worth nearly $120 at the start of April, fell precipitously this week and was trading at around 0.03 cents as of press time.
The revival plan, which was posted earlier Friday, envisions distributing network ownership among UST and LUNA holders; it acknowledges Terra's stablecoin as it stands is irrecoverable.
"I still believe that decentralized economies deserve decentralized money – but it is clear that $UST in its current form will not be that money," he wrote on Twitter.
Metaplex is solving Solana’s NFT botting spam
Solana's network crash on April 30 was blamed on botting programs that swarmed popular NFT mints. Solana was completely unusable, resulting in a mad dash among validators and contributors to identify the problem and bring the network back online. Solana's service was restored after seven hours.
Following the crash, Metaplex and Solana Labs began sharing strategies for dealing with the NFT botting situation and avoiding it in the future. The "bot tax" strategy.
Metaplex's botting penalty, which was implemented shortly after Solana was brought back online, charges such programmes a fee (or tax) for submitting "invalid" transactions—that is, large numbers of failed transactions that are identified as coming from an automated programme that is "blindly trying to mint," according to company tweets.
According to Metaplex Studios CTO Nhan Phan, the update allows validators to process and validate such transactions more quickly, "rather than go through the churn of trying to agree on whether it's an invalid transaction." it reduces the overall network load from botting.
Malicious botting in NFT mints on Solana has "gone down by an order of magnitude" since the Metaplex update, according to Phan.