This week a popular third party advertising firm, Coinzilla, had their code delivery compromised. The way it works is companies looking to sell ad space install Coinzilla’s code package, and that code package displays ads that Coinzilla sources. This is a common pattern in all of adtech.
Coinzilla’s package seems to have been hacked, leading to sites that use it launching the hacker’s phishing attempt. Most notably, this included the crypto analytics sites CoinGecko and Etherscan. When a user was targeted on those sites, they were prompted to connect their MetaMask wallet to a site called nftapes.win.
Etherscan and CoinGecko both quickly posted similar statements on Twitter, with CoinGecko saying:
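The incident above turns on where the ad network’s code runs: when a site injects the network’s script directly into its own page, any creative that slips past the network’s checks runs with the page’s full privileges, including access to the visitor’s wallet provider (`window.ethereum`, which MetaMask exposes). The example below is added here and is not code from Coinzilla, CoinGecko or Etherscan. It shows the host-page side of the mitigation: render each creative in a sandboxed cross-origin iframe without `allow-same-origin` or `allow-top-navigation`, keep the ad origin out of `script-src`, and audit page markup for slots that break that isolation. The ad origin `ads.example-adnet.test`, the creative paths and the sample page markup are all constructed placeholders.

```javascript
// Added example, not the ad network's or the affected sites' own code.
// A host page can deny third-party ad creatives access to its DOM and to
// window.ethereum by framing them cross-origin in a sandboxed iframe instead
// of injecting the network's loader script into the page. All values below
// are constructed for the example; the ad origin is a placeholder.

const AD_ORIGIN = "https://ads.example-adnet.test"; // hypothetical ad network

// Sandbox flags a creative needs to draw itself and open its landing page in
// a new tab. Deliberately absent: allow-same-origin (would give the creative
// the host page's origin, DOM and window.ethereum) and allow-top-navigation
// (would let it redirect the whole page to a phishing site).
const SAFE_SANDBOX = ["allow-scripts", "allow-popups", "allow-popups-to-escape-sandbox"];

function renderAdSlot(creativeId, width, height) {
  const src = `${AD_ORIGIN}/creative/${encodeURIComponent(creativeId)}`;
  return `<iframe src="${src}" width="${width}" height="${height}" ` +
         `sandbox="${SAFE_SANDBOX.join(" ")}" referrerpolicy="no-referrer"></iframe>`;
}

// Content-Security-Policy for the host page: only first-party scripts execute
// in the page; the ad origin may be framed but never loaded as a script.
function hostCsp() {
  return [
    "default-src 'self'",
    "script-src 'self'",
    `frame-src ${AD_ORIGIN}`,
    "object-src 'none'",
  ].join("; ");
}

// Scan page markup for ad slots that hand third-party code a path back into
// the host page: missing or over-permissive sandbox, or a directly injected
// ad-network <script>. Returns a list of {src, issue} findings.
function auditAdSlots(html) {
  const findings = [];
  const iframeRe = /<iframe\b([^>]*)>/gi;
  let m;
  while ((m = iframeRe.exec(html)) !== null) {
    const attrs = m[1];
    const src = (attrs.match(/\bsrc="([^"]*)"/i) || [])[1] || "";
    if (!src.startsWith(AD_ORIGIN)) continue; // not an ad slot
    const sandboxAttr = attrs.match(/\ssandbox(?:="([^"]*)")?/i);
    if (!sandboxAttr) {
      findings.push({ src, issue: "no sandbox attribute" });
      continue;
    }
    const flags = (sandboxAttr[1] || "").split(/\s+/).filter(Boolean);
    if (flags.includes("allow-same-origin") && flags.includes("allow-scripts")) {
      findings.push({ src, issue: "allow-same-origin with allow-scripts: creative can remove its own sandbox" });
    } else if (flags.includes("allow-same-origin")) {
      findings.push({ src, issue: "allow-same-origin: creative shares the host origin" });
    }
    if (flags.some((f) => f.startsWith("allow-top-navigation"))) {
      findings.push({ src, issue: "allow-top-navigation: creative can redirect the page" });
    }
  }
  // An in-page <script src> pointing at the ad origin runs with full host privileges.
  const scriptRe = /<script\b[^>]*\bsrc="([^"]*)"[^>]*>/gi;
  while ((m = scriptRe.exec(html)) !== null) {
    if (m[1].startsWith(AD_ORIGIN)) {
      findings.push({ src: m[1], issue: "ad network script injected directly into the page" });
    }
  }
  return findings;
}

// Constructed sample page: one properly sandboxed slot, one over-permissive
// slot, and a directly injected ad-network loader script.
const SAMPLE_PAGE = `
<html><body>
${renderAdSlot("top-banner", 728, 90)}
<iframe src="${AD_ORIGIN}/creative/sidebar" sandbox="allow-scripts allow-same-origin allow-top-navigation"></iframe>
<script src="${AD_ORIGIN}/loader.js"></script>
</body></html>`;

console.log(hostCsp());
console.log(auditAdSlots(SAMPLE_PAGE)); // three findings: two for the sidebar slot, one for loader.js
```

The audit is a markup check, not a substitute for the browser enforcing the sandbox: it is meant for a build or template test that fails when someone adds an ad slot with `allow-same-origin` or drops the network’s loader script back into the page.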
Security Alert: If you are on the CoinGecko website and you are being prompted by your Metamask to connect to this site, this is a SCAM. Don't connect it. We are investigating the root cause of this issue.
After investigating and resolving the vulnerability, Coinzilla was later quoted saying:
A single campaign containing a piece of malicious code has managed to pass our automated security checks. It ran for less than an hour before our team stopped it and locked the account.