Users of crypto wallets MetaMask and Phantom, as well as the crypto swap platform PancakeSwap, have been targeted in a crypto phishing scam involving at least half a million dollars being stolen, according to a Check Point Research (CPR) report.
- CPR said that in the past few days there have been “multiple events” in which hundreds of crypto wallet users have had their funds stolen while trying to download and install well-known wallets like Metamask or change their currencies on crypto swap platforms such as PancakeSwap or Uniswap.
- The scam campaigns used search engine advertisements to target crypto wallet users. They then employed fake URLs and websites to allow scammers to steal wallet passwords and access crypto funds held in wallets, said CPR.
- The report gives an example of how an attacker uses a Google ad campaign to steal the user’s private key and access their MetaMask wallet by giving them a phrase that allows them to steal the funds upon transfer.
- CPR advised crypto wallet users to “refrain from clicking on ads and only use direct, known URLs.”
The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups. As part of their compensation, certain CoinDesk employees, including editorial employees, may receive exposure to DCG equity in the form of stock appreciation rights, which vest over a multi-year period. CoinDesk journalists are not allowed to purchase stock outright in DCG.