Looks like many sites have been hit with a front end attack. Some like Spirit Swap are reporting the attacker managed to change swap address by hacking into AWS..
>Security Alert: If you are on the CoinGecko website and you are being prompted by your Metamask to connect to this site, this is a SCAM. Don’t connect it. We are investigating the root cause of this issue.
Incomplete list of services that seem compromised as of now: Etherscan, Curve Finance, Coin Gecko, Spirit Swap. Many more could be too, till the team verifies or confirms them
Seems to be a front end hack where some kind of Metamask pop up keeps appearing when visiting these sites.
[Spirit Swap is reporting the attacker managed to change swap addresses for transactions to steal funds. ](
Users on Etherscan have also reported the same thing.
[Persistent connection dialog boxes that dont seem to go away. ](