We would like to thank everyone for the urgency expressed in signaling the recent issue to us, our partners, and other users of the crypto community.
Our team has resolved the issue and is currently working closely with advertisers and publishers on mitigating the impact of the malicious attack and on preventing it from happening again.
We will use this post to paint a better picture of what happened. But before that, we would like to mention that neither our publishers nor our advertisers are at fault for this event.
What happened exactly
The ill-intended party inserted a malicious script in an HTML5 banner which managed to pass our automated security checks.
He then published a campaign, acting as an affiliate for one of our major advertisers. The campaign was live for close to an hour. As soon as our team was made aware of the issue, they stopped his campaign and locked his account.
Once the campaign was live and delivering impressions, it greeted users with a pop-up that impersonated MetaMask and asked them to connect their wallet.
It would then notify the user that they won a free Bored Ape NFT and ask them to sign the message.
After signing, the user was asked to approve access to their funds. Approving that access would lead to the WETH being drained from the user’s account.
After stopping the malicious campaign and locking the user’s account, our team started working with advertisers and publishers to mitigate the situation.
We stopped the delivery of all external HTML5 banners and are manually reviewing this type of ad and recreating it internally.
We also blocked all external resources and are working on putting more security measures in place, to prevent this issue from happening again.
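One way to automate part of the review described above, as an added example (not the network's own checks): a static scan that holds an HTML5 creative for manual review when it loads a resource from another origin or references the browser wallet provider. The rule set, function names and sample banners are assumptions made for this illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: a display banner has no reason to touch the browser wallet
# provider (EIP-1193) or its JSON-RPC methods for connecting and signing.
WALLET_API = re.compile(
    r"window\.ethereum|eth_requestAccounts|personal_sign|eth_signTypedData|eth_sendTransaction")
SCRIPT_URL = re.compile(r"https?://[^\s\"'<>)]+")

class BannerScanner(HTMLParser):
    """Collects (kind, detail) reasons to hold a banner for manual review."""
    def __init__(self):
        super().__init__()
        self.findings, self._in_script = [], False

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self._in_script = True
        for name, value in attrs:
            value = (value or "").strip()
            # src, <link href> and <object data> fetch content; <a href> only links.
            loads = name == "src" or (tag, name) in {("link", "href"), ("object", "data")}
            if loads and urlparse(value).netloc:
                self.findings.append(("external-resource", f"<{tag} {name}={value}>"))
            if name.startswith("on") and WALLET_API.search(value):  # inline handlers
                self.findings.append(("wallet-api", f"<{tag} {name}>"))

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script:
            self.findings += [("wallet-api", m.group(0)) for m in WALLET_API.finditer(data)]
            self.findings += [("external-resource", m.group(0)) for m in SCRIPT_URL.finditer(data)]

def scan_banner(html):
    scanner = BannerScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings

# Constructed samples, not taken from the incident.
CLEAN_BANNER = ('<div id="ad"><img src="bg.png">'
                '<a href="https://advertiser.example.invalid/">Visit</a></div>'
                '<script>document.getElementById("ad").className = "ready";</script>')
SUSPECT_BANNER = ('<div id="ad"><img src="bg.png"></div>'
                  '<script src="https://cdn.example.invalid/widget.js"></script>'
                  '<script>window.ethereum.request({method: "eth_requestAccounts"});</script>')
```

String matching of this kind is only a first filter; serving creatives in a sandboxed iframe under a restrictive Content-Security-Policy enforces the same restrictions at delivery time.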
At the moment, we are in direct contact with all the affected websites and discussing ways to offer support to affected users.
How to avoid falling for this sort of attack
Always pay extreme attention when dealing with crypto transactions, even on trusted websites.
Malicious parties will try to take advantage of any opportunity to drain your crypto wallet. Ensure that the webpage you landed on is legitimate and has an active SSL certificate, and remember: if something seems too good to be true, it’s probably a scam.