Users of crypto wallets MetaMask and Phantom, as well as the crypto swap platform PancakeSwap, have been targeted in a crypto phishing scam involving at least half a million dollars being stolen, according to a Check Point Research (CPR) report.
CPR said that in the past few days there have been “multiple events” in which hundreds of crypto wallet users have had their funds stolen while trying to download and install well-known wallets, or change their currencies on crypto swap platforms such as PancakeSwap or Uniswap.
The scam campaigns used search engine advertisements to target crypto wallet users. They then employed fake URLs and websites to allow scammers to steal wallet passwords and access crypto funds held in wallets, said CPR.
The report gives an example of how an attacker uses a Google ad campaign to steal the user’s private key and access their MetaMask wallet by giving them a phrase that allows them to steal the funds upon transfer.
CPR advised crypto wallet users to “refrain from clicking on ads and only use direct, known URLs.”