Emergency Security warning: Multiple sites including CoinGecko seem to be compromised. Be careful while making any txns

Looks like many sites have been hit with a front end attack. Some like Spirit Swap are reporting the attacker managed to change swap address by hacking into AWS..

[CoinGecko warning.](

>Security Alert: If you are on the CoinGecko website and you are being prompted by your Metamask to connect to this site, this is a SCAM. Don’t connect it. We are investigating the root cause of this issue.

Incomplete list of services that seem compromised as of now: Etherscan, Curve Finance, Coin Gecko, Spirit Swap. Many more could be too, till the team verifies or confirms them

Seems to be a front end hack where some kind of Metamask pop up keeps appearing when visiting these sites.

[Spirit Swap is reporting the attacker managed to change swap addresses for transactions to steal funds. ](

Users on Etherscan have also reported the same thing.

[Persistent connection dialog boxes that dont seem to go away. ](

View Source

42 thoughts on “Emergency Security warning: Multiple sites including CoinGecko seem to be compromised. Be careful while making any txns”

  1. Oh no worries. I just buy crypto and then change it into other crypto. I don’t actually use them or even know wtf they are. Don’t get me wrong, I’ve tried to understand it, it just doesn’t make any goddamn sense.

    Reply
  2. So the website is still operational when they know this is happening? Can someone confirm, they are able to stop traffic onto their website … right?

    Reply
  3. why would people think these websites need to connect to your meta mask though, they aren’t wallet providers and only show data on various cryptocurrencies I thought?

    Reply
  4. Shit, I wonder how long this has been going on before detected. About a week ago, I noticed that whenever I tried to use the Immutable X page with Metamask to buy some Gods Unchained card, there was a phishing attempt warning from Bitdefender. The Immutable X page was trying to connect to some page. When I looked it up, it looked like a legit service (but hey, anyone can create a fake page and have it be the top of Google search).

    Reply
  5. Hello Set1Less. It looks like you might have found a new scam? If so, please report this scam by crossposting to r/CryptoScams, r/CryptoScamReport, or visiting [scam-alert.io](http://scam-alert.io/). For tips on how to avoid scams, [click here](https://www.reddit.com/r/CryptoCurrency/comments/s7srty/crypto_scams_how_not_to_fall_for_them_what_to_do/).

    *I am a bot, and this action was performed automatically. Please [contact the moderators of this subreddit](/message/compose/?to=/r/CryptoCurrency) if you have any questions or concerns.*

    Reply
  6. What the fuck is this. How can companies like Coingecko even get compromised over something like this on their front end? Jesssus

    Reply
  7. If I understood correctly, SpiritSwap (Fantom) and QuickSwap (Polygon) were the victims of a GoDaddy hack (domain hijacking), and Etherscan, CoinGecko and DexTools due to a malicious ad from Coinzilla.

    Reply
  8. This! This is the reason we need systems where the wallets can have a fool-proof understanding of what a transaction will do so it’s transparent before signing anything and you dont need to connect with sites, enable spending for specific currencies, etc… The problem is that we are still using Solidity and other languages that have no native understanding of tokens or NFTs and so they can’t be enforced at a base level. Scrypto uses finite-state-machines for this and it seems to solve the problem of trust since it enables wallets to show you what will happen in a transaction, and nothing else can occur without it reverting, but all of Radix’s smart contract stuff is not quite on the mainnet so I’m not sure what the options are at the moment for systems that can/have designed away most wallet scams.

    Reply
  9. Anyone starting to think this along with the shit earlier this week is a concerted effort to take down crypto? Bank sector getting worried?

    Reply
  10. Wow, some group/person hacked into aws? I am willing to bet that they are either Russian or North Korean. No one else in their right mind would target Amazon.

    Reply
  11. This info is very helpful, thanks. Just when I thought I was losing trust in this sub, post like this restore my faith

    Reply
  12. Guys, I feel like this should be obvious, but DON’T use your browser with phantom/metamask/tronlink etc. on your normal browsing. Only use it when u want to actually access those wallets.

    I have a Chrome Dev installation that I only use for crypto web3 apps that connect to wallets. This way, in case I use etherscan or any “compromised” site on my regular browser install (Brave), I will not risk anything because there’s no wallet plugin in this browser.

    However, still this will most likely catch a lot of people that are not cautious. Would be great if MetaMask could integrate some kind of warning against this stuff..

    Reply

Leave a Comment