STEPN impersonators steal users’ initial phrases
Peckshield, a well-known blockchain security company, on Monday revealed the existence of numerous phishing websites for the Web3 lifestyle app STEPN. These sites insert a fake MetaMask plugin into the browser, with which they can steal seed phrases from unsuspecting STEPN users.
When the cybercriminals receive the seed, they gain full control over the user’s STEPN control panel, where they can connect their stolen wallets to theirs or participate in a free giveaway.
“PeckShield has detected many STEPN phishing sites. They install a bogus Metamask browser extension that steals your seed phrase, or invites you to plug in your wallets or distribute Claim, PeckShieldAlert says.
Peckshield urged STEPN users to contact support as soon as possible if they discover anything suspicious on their accounts. Some customers stated that they encountered problems, reported them to the support team and resolved the issue.
“I had exactly the same problem but it was fixed within minutes, as soon as I contacted the support at the link below, try it too mate!” Cristiano Ronaldo wrote.
However, STEPN has not yet given any official comments on this matter. The phishing notification came almost 20 hours after the Web3 lifestyle app ended its Twitter AMA session. Peckshield is a popular Twitter account where the cryptocurrency community can find out about hacks or phishing scams.
Also See: NFT Game Stepn How To Play And Earn?
STEPN (GMT) is a game based on Solana (SOL) where gamers buy non-fungible token (NFT) sneakers to start playing. The app tracks users’ movements via GPS on their mobile phones and issues them in-game tokens called Green Satoshi (GST). These coins can then be exchanged for USD Coin (USDC) or Solana (SOL) , allowing users to cash out.
Phishing attacks, scams, and protocol exploits are increasingly common in the cryptocurrency industry as decentralized finance (DeFi) and non-fungible tokens (NFTs) become more popular. These types of attacks are not new, but they are constantly evolving.
Last month, the Ronin Bridge used by the game Axie Infinity (AXS) was attacked, resulting in the theft of more than $600 million in Ethereum (ETH) and USD Coin stablekins. As recently reported, a botched DeFi platform heist failed to allow the attacker to collect $1 million in stolen cryptocurrencies. Earlier this year, $80 million in cryptocurrency was stolen from Qubit Finance when hackers cheated a protocol by simulating a deposit, allowing them to create a bridged currency asset.
Leave a Reply