Phishing campaign is stealing cryptocurrencies from MetaMask and Phantom wallet users


By Hannah Pérez

The fraudulent campaigns used Google to rank fake websites and have stolen at least half a million dollars from cryptocurrency users.


Users of the digital wallets MetaMask and Phantom are the target of a massive new wave of phishing attacks that has stolen at least $500,000 worth of cryptocurrencies.

A recent Check Point Research (CPR) investigation warned about a “massive search engine phishing campaign” that has caused losses of almost half a million dollars to cryptocurrency users.

According to CPR, the last few days have seen “multiple events” in which hundreds of cryptocurrency users have had their funds stolen while trying to download and install well-known wallets, such as MetaMask or Phantom. Users of popular decentralized exchange (DEX) platforms, such as PancakeSwap or Uniswap, have also been victims of the attacks.

Over the past weekend, Check Point Research found hundreds of incidents where crypto investors lost their money trying to download and install well-known crypto wallets or exchange their coins on crypto exchange platforms like PancakeSwap or Uniswap.

Fraudulent website ads on Google

According to the research, the fraudulent campaigns used search engine ads, such as Google's, to target digital wallet users. The scammers then used fake URLs and websites to steal wallet passwords and access the cryptocurrency funds stored in those wallets, CPR said.


It should be noted that in phishing attacks, cyber attackers pose as a trusted person, company, website or application to steal funds.

In the campaign that CPR flagged, the attackers mimicked the wallet platforms of MetaMask and Phantom, as well as the websites of PancakeSwap and Uniswap. For example, for Phantom, the attackers used phishing domains such as “” or “”, as opposed to the legitimate domain: “”.

Over the past weekend, CPR researchers spotted several phishing websites that looked like the original website, because the scammers copied its design.

According to some reports, the imitations were so similar that many users, especially less experienced ones, could not tell the difference. “I just installed the Phantom wallet and somehow ended up downloading the scam,” said one Reddit user, according to the research, adding: “I’m somewhat new to wallets”.

Beware of weird URLs

The report also gave an example of how scammers used a Google ad campaign to steal users’ private keys and access their MetaMask wallets. The private key, which acts as a sort of master key to the funds at an address, allowed the attackers to steal the funds.

To carry out these attacks, the scammers applied the same tactic to MetaMask. They used domains with names very similar to the legitimate one, such as “MètaMask” or “”, and they advertised the fraudulent websites on popular search engines like Google. That way, when people searched for those keywords, the first results they saw were ads for the fraudulent websites.
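One way a defender could flag look-alike hostnames such as the “MètaMask” name above before a user reaches them. This is an added example, not code from CPR's report or the original article; the trusted hostnames are constructed placeholders, and the brand list and the edit-distance threshold of 1 are assumptions.

```python
import unicodedata

# Brand names come from the article. The trusted hostnames are constructed
# placeholders (assumption): replace them with domains you have verified.
BRANDS = ("metamask", "phantom", "pancakeswap", "uniswap")
TRUSTED = ("metamask.example", "phantom.example")

def skeleton(label):
    """Fold one DNS label to ASCII letters/digits so look-alikes collapse together."""
    if label.startswith("xn--"):  # punycode form of an internationalized label
        try:
            label = label.encode("ascii").decode("idna")
        except UnicodeError:
            pass  # keep the raw label if it cannot be decoded
    folded = unicodedata.normalize("NFKD", label.casefold())
    # Drops combining accents, hyphens and non-Latin homoglyphs; the edit-distance
    # check in classify() still catches the gap a dropped character leaves.
    return "".join(c for c in folded if c.isascii() and c.isalnum())

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(hostname):
    """Return 'trusted', 'lookalike:<brand>' or 'unrelated' for a hostname."""
    host = hostname.casefold().rstrip(".")
    if any(host == t or host.endswith("." + t) for t in TRUSTED):
        return "trusted"
    for label in host.split("."):
        skel = skeleton(label)
        for brand in BRANDS:
            # Brand embedded in the label, or at most one typo away from it.
            if brand in skel or edit_distance(skel, brand) <= 1:
                return "lookalike:" + brand
    return "unrelated"

if __name__ == "__main__":
    # Constructed sample hostnames, not indicators from the campaign.
    for h in ("metamask.example", "MètaMask.example", "phantom-wallet.example",
              "unlswap.example", "docs.python.example"):
        print(f"{h:28} {classify(h)}")
```

A check like this fits a DNS or proxy log review, or a pre-click filter on ad landing URLs; exact matching against the trusted list remains the decision that matters, and the look-alike label only prioritizes what to block or investigate.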


The Check Point Research team highlighted that this type of phishing attack was more elaborate than usual, precisely because the attackers took advantage of search engines such as Google to position their scams.

What makes this phishing campaign unique is the fact that scammers don’t send phishing links via email like traditional phishing scams. Instead, they are using Google ad campaigns to make their phishing websites appear before the original site when someone searches for the keyword.

To protect against phishing attacks like this one, CPR recommended that cryptocurrency users “refrain from clicking on ads and only use direct and well-known URLs”.


Sources: CPR, CoinDesk, Decrypt

Version by Hannah Estefanía Pérez / DiarioBitcoin
