Crypto Wallets MetaMask, Phantom Targeted in $500K Phishing Attack: Report

Nov 4, 2021 | Decrypt News | 0 comments

crypto-wallets-metamask,-phantom-targeted-in-$500k-phishing-attack:-report

Check Point Research (CPR) has discovered a “massive search engine phishing campaign” that has resulted in at least half a million dollars worth of crypto stolen from users. 

“Over the past weekend, Check Point Research encountered hundreds of incidents in which crypto investors lost their money while trying to download and install well-known crypto wallets or change their currencies on crypto swap platforms like PancakeSwap or Uniswap,” CPR said.

“I just installed the phantom wallet and somehow I ended up downloading the scam,” one Reddit user said, adding, “I am somewhat new to wallets.” 

The scam, CPR found, has also been hitting MetaMask and Phantom users, two popular crypto wallets, with scammers mimicking legitimate websites almost perfectly. 

“Over the past weekend, researchers from CPR spotted multiple phishing websites that looked like the original website, because the scammers copied its design,” CPR added. 

Phantom and MetaMask

For the Phantom domain, users were encountering phishing domains like “phanton.app” or “phantonn.app,” as opposed to the legitimate “phantom.app.”

The same was true of the scammers’ MetaMask tactics, which saw domains like “MètaMask” appear via Google ad campaigns. In the case of MetaMask, the scammers were also trying to steal user private keys to access their wallets.  

“What makes this phishing campaign unique is the fact that the scammers are not sending phishing links via email like traditional phishing scams,” CPR said. “Instead, they are using Google ad campaigns to make their phishing websites appear before the original site when anyone searches the keyword,” the group added. 

But what can users do to protect themselves? CPR has provided cautionary steps for crypto users.

These include looking at the first website in your search and ensuring that it is not an ad. Users, CPR suggests, should also never give out their passphrase. 

Last but not least, CPR says, “always double-check the URLs.”

News Source from Decrypt.co

Related Articles

Ubisoft Launches Their First NFTs On Tezos

Ubisoft Launches Their First NFTs On Tezos

NFTs in gaming have been a hot topic in recent months, but one that hasn’t yet truly seen the light of day – outside of crypto-dedicated projects. While traditional gaming brands and properties have generally shared some sort of sentiment around NFTs, none have made...

Gaming giant Ubisoft is testing in-game NFTs through a new platform

Gaming giant Ubisoft is testing in-game NFTs through a new platform

Ubisoft has become the first major gaming firm to step into the world of non-fungible tokens (NFTs), with an announcement that hints at expanding a broader blockchain-based metaverse.  As per a Tuesday release, Ubisoft has launched the beta version of a new platform...

Hathor Network: Making Blockchain Easy for Everyone

Hathor Network: Making Blockchain Easy for Everyone

PRESS RELEASE. The blockchain revolution has captured the attention of millions in the past decade. The advent of cryptocurrencies like bitcoin has redefined the concept of money, while smart contract networks have expanded blockchain applications towards different...

Pin It on Pinterest

Share This