Guardio, a cybersecurity startup focused on keeping user information and identity secure, has unearthed a sophisticated web of phishing campaigns targeting MetaMask users connecting to some of the world’s leading metaverse and NFT brands, including OpenSea, Decentraland, and The Sandbox.
In a blog post, Guardio claims that the attackers have stolen hundreds of thousands of dollars worth of digital assets from the world’s most popular browser wallet, MetaMask.
The attackers ran a well-executed phishing campaign through a mix of black hat SEO tactics and malicious Google AdWords campaigns, which funneled thousands, if not tens of thousands, of metaverse and NFT users to cloned websites of prominent NFT and metaverse brands, where they lost valuable digital assets. The clone of OpenSea’s website, for example, was convincing enough that new users struggled to tell the fake from the original.
On the landing pages of these fake sites, users were asked to submit their secret recovery phrase (the seed phrase from which all of the wallet’s private keys are derived) in order to “connect” to the portal. Once a user entered it, the attackers could immediately import the wallet into their own MetaMask instance and drain its contents. A legitimate dApp never needs this phrase: connecting a wallet happens through the MetaMask extension’s own prompt, and the site only ever learns the wallet’s public address.
The campaign succeeded because it deliberately targeted metaverse and NFT users. With the rise of NFTs and the metaverse over the past few months, millions of crypto users worldwide are eager to explore and own rare digital assets with on-chain provenance. Most are tech-savvy crypto holders who hop between platforms, acquiring and trading NFTs. Against this background, and helped by the fast-paced nature of the space, the attackers managed to fleece thousands of users of their hard-earned assets.
The situation was made worse by the complexity of the wallet-connection flows on leading NFT and metaverse websites. Combined with MetaMask’s popularity and the fact that holders must approve each transaction before it is irreversibly posted to mainnet, a confusing sequence of prompts meant that more users, especially novices, were caught unawares.
MetaMask has over 10 million active installs in the Chrome browser alone. While the hot wallet is secure and underpins the NFT, metaverse, and DeFi revolution, self-custody shifts the full burden of key security onto end users, and that burden is where attackers find their openings. Over the past few years, attackers have increasingly shifted their strategy toward phishing campaigns aimed at end users keen on exploring the lucrative DeFi and NFT space.
Slowing Down Before Approving Can Be a Life-Saver
Although the blockchain can provide provenance of ownership, giving up the private keys that control a wallet is disastrous for the end user. That is precisely why most phishing campaigns aim to extract the recovery phrases of leading non-custodial wallets like MetaMask.
Once attackers hold the phrase, they can restore the wallet and sweep its assets to addresses they control, leading to painful and irreversible losses. To avoid falling prey, metaverse users should never enter their recovery phrase or private keys into any website; MetaMask only ever asks for the phrase inside the extension itself, when restoring a wallet. Users should also reach the major portals by typing the address or using a saved bookmark rather than clicking a search result or ad, check the URL of the site carefully before connecting a wallet, and review exactly what each dApp is asking to do before approving the request.
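The URL check above is easy to get wrong, because the cloned sites described in the report put the real brand name into a hostname the brand does not own. The following is an added example written for this article, not code from Guardio or from any of the brands mentioned: it classifies a link by its exact hostname before a wallet is connected. The trusted host list and the sample links are constructed for illustration (the sample links are not real phishing domains), and the list of legitimate hosts should be taken from each brand’s official channels rather than from a search ad.

```javascript
// Added example (editor's code, not from the Guardio report): classify a link
// by its exact hostname before connecting a wallet. The trusted host list is
// an assumption for illustration; take the real list from each brand's own
// official channels, not from a search ad.
const TRUSTED_HOSTS = ["opensea.io", "decentraland.org"];

// True only if hostname is the trusted host or a genuine subdomain of it.
// A bare substring test would accept "opensea.io.phish.example".
function isTrustedHost(hostname, trusted) {
  return hostname === trusted || hostname.endsWith("." + trusted);
}

function classifyLink(link, trustedHosts = TRUSTED_HOSTS) {
  let url;
  try {
    url = new URL(link);
  } catch {
    return { verdict: "invalid", hostname: null, reason: "unparseable" };
  }
  // The WHATWG URL parser lower-cases the host and turns Unicode labels
  // into xn-- punycode, so homoglyph hosts surface as IDN labels here.
  const hostname = url.hostname;
  const labels = hostname.split(".");
  const brands = trustedHosts.map((h) => h.split(".")[0]); // "opensea", ...

  if (trustedHosts.some((t) => isTrustedHost(hostname, t))) {
    return url.protocol === "https:"
      ? { verdict: "trusted", hostname, reason: "exact-host" }
      : { verdict: "unknown", hostname, reason: "not-https" };
  }
  // Brand name present but the host is not the brand's: the clone pattern.
  if (brands.some((b) => hostname.includes(b))) {
    return { verdict: "lookalike", hostname, reason: "brand-in-other-host" };
  }
  // Internationalised label: may hide a homoglyph of a brand name.
  if (labels.some((l) => l.startsWith("xn--"))) {
    return { verdict: "lookalike", hostname, reason: "idn-label" };
  }
  return { verdict: "unknown", hostname, reason: "not-in-list" };
}

// Constructed sample links (not real phishing domains) in the shapes the
// report describes: a real brand name placed under a host it does not own.
const SAMPLE_LINKS = [
  "https://opensea.io/collection/example",
  "https://opensea.io.connect-wallet.example/",
  "https://opensea-login.example/",
  "https://\u043epensea.io/", // Cyrillic 'о' in place of Latin 'o'
  "http://opensea.io/",
];

for (const link of SAMPLE_LINKS) {
  const r = classifyLink(link);
  console.log(`${r.verdict.padEnd(9)} ${r.reason.padEnd(20)} ${link}`);
}
```

The point of the exact-host comparison is that `hostname.includes("opensea")` is exactly the test a hurried user performs by eye, and it is the test the clones are built to pass. Only a "trusted" verdict should be followed by a wallet connection; anything else deserves a second look at the address bar, and nothing, trusted or not, justifies typing a recovery phrase into a web page.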