Crypto Wallets MetaMask, Phantom Targeted in $500K Phishing Attack: Report
Check Point Research (CPR) has discovered a “massive search engine phishing campaign” that has resulted in at least half a million dollars worth of crypto stolen from users. “Over the past weekend, Check Point Research e...
Archive context
Older archive item. Useful for background and entity history, but not a fresh market-moving signal.
Check Point Research (CPR) has discovered a “massive search engine phishing campaign” that has resulted in at least half a million dollars worth of crypto stolen from users.
“Over the past weekend, Check Point Research encountered hundreds of incidents in which crypto investors lost their money while trying to download and install well-known crypto wallets or change their currencies on crypto swap platforms like PancakeSwap or Uniswap,” CPR said.
“I just installed the phantom wallet and somehow I ended up downloading the scam,” one Reddit user said, adding, “I am somewhat new to wallets.”
The scam, CPR found, has also been hitting MetaMask and Phantom users, two popular crypto wallets, with scammers mimicking legitimate websites almost perfectly.
“Over the past weekend, researchers from CPR spotted multiple phishing websites that looked like the original website, because the scammers copied its design,” CPR added.
Phantom and MetaMaskFor the Phantom domain, users were encountering phishing domains like “phanton.app” or “phantonn.app,” as opposed to the legitimate “phantom.app.”
The same was true of the scammers’ MetaMask tactics, which saw domains like “MètaMask” appear via Google ad campaigns. In the case of MetaMask, the scammers were also trying to steal user private keys to access their wallets.
“What makes this phishing campaign unique is the fact that the scammers are not sending phishing links via email like traditional phishing scams,” CPR said. “Instead, they are using Google ad campaigns to make their phishing websites appear before the original site when anyone searches the keyword,” the group added.
But what can users do to protect themselves? CPR has provided cautionary steps for crypto users.
These include looking at the first website in your search and ensuring that it is not an ad. Users, CPR suggests, should also never give out their passphrase.
Last but not least, CPR says, “always double-check the URLs.”
Why this matters
This security story adds another data point to the current market tape and is useful when read alongside nearby source coverage.
Original source
Read on DecryptRelated market context
SecondFi is shutting down after Cardano wallet exploit
Cardano wallet firm SecondFi says it will not resume “normal operations” and will instead focus solely on “returning assets to aff...
SEC Drops MetaMask Case Against ConsenSys With No Fine or Wrongdoing
The SEC has closed its enforcement investigation into ConsenSys over MetaMask Swaps and MetaMask Staking, with no fine and no admi...
Coinbase World Cup error shows prediction markets still have a proof problem
A reported Coinbase announcement about a World Cup result, likely using AI, created a problem bigger than a flawed alert. It showe...
Ctrl Wallet to shut down after June security exploit, users urged to withdraw assets by August 3
The shutdown highlights the critical need for robust security measures in digital wallets, emphasizing user vigilance against pote...
German Bitcoin Transfers Put Fresh Pressure On Market As BKA Wallets Hit Exchanges
Germany’s seized Bitcoin stash is back at the centre of the market conversation after wallets linked to the country’s Federal Crim...
Coinbase co-founder Brian Armstrong wants investors to pass a financial literacy test instead of a wealth check
A shift to financial literacy tests could democratize investment access, potentially increasing capital flow into early-stage vent...