STEPN impersonators stealing users' seed phrases, warn security experts

Published at: April 25, 2022

Peckshield, a prominent blockchain security firm, exposed the existence of numerous phishing websites for the Web3 lifestyle app STEPN on Monday. Hackers insert a forged MetaMask browser plugin through which they can steal seed phrases from unsuspecting STEPN users, according to Peckshield.

When these cybercriminals obtain the seed phrase, they gain complete control over the STEPN user's dashboard where they may connect their stolen wallets to their own or "claim" a giveaway as per Peckshield.

#PeckShieldAlert #phishing PeckShield has detected a bath of @Stepnofficial phishing sites. They insert a false Metamask browser extension leading to stealing your seed phrase or prompt you to connect your wallets or “Claim” giveaway. @Metamask @Coinbase @WalletConnect @phantom pic.twitter.com/cmWUcprMAN

— PeckShieldAlert (@PeckShieldAlert) April 25, 2022

Peckshield has urged STEPN users to contact support as soon as possible if they detect anything suspicious with their accounts. Some customers stated they had encountered issues, reported them to support and resolved the problem.

I was experiencing Just the same issue but was fixed in minutes soon as I reached out to the support team with the link below, give it a try too mate!https://t.co/l36cJerNm2

— cristian ronaldo (@cristianronal24) April 25, 2022

However, STEPN has yet to provide any official remarks about it. The phishing notification arrived nearly 20 hours after the Web3 lifestyle app finished its AMA session on Twitter spaces. Peckshield is a popular Twitter account where the cryptocurrency community may learn about hacks or phishing scams.

STEPN is a Solana-based game where gamers buy nonfungible token (NFT) sneakers to begin playing. The app monitors users' movement through the GPS on their mobile phones and gives them in-game tokens called Green Satoshi Tokens (GSTs). These coins can then be traded for USD Coin (USDC) or Solana (SOL), allowing users to cash out.

Phishing attacks, rug pulls and protocol exploits have become more prevalent in the cryptocurrency industry as decentralized finance (DeFi) and nonfungible tokens (NFTs) have become popular. These types of attacks are not new, but they are continually evolving to take advantage of users in different ways.

Related: Trezor investigates potential data breach as users cite phishing attacks

Last month, the Ronin bridge on Axie Infinity was attacked and robbed of more than $600 million in Ether (ETH) and USD Coin. As reported by Cointelegraph recently, in a cryptocurrency heist gone wrong, an attacker fumbled their getaway at the finish line, leaving behind over $1 million in stolen crypto. Earlier this year, $80 million in crypto was stolen from Qubit Finance when hackers duped the protocol into thinking they had put down collateral, allowing them to mint a bridged currency asset.

Tags
Adoption
Blockchain
Nft
Ethereum
Cryptocurrencies
Defi
Hacks
Hackers
Phishing
Related Posts
OpenSea planned upgrade stalls as phishing attack targets NFT migration
Just yesterday, OpenSea announced a smart contract upgrade, which requires users to migrate their listed NFTs from Ethereum (ETH) blockchain to a new smart contract. As a direct result of the upgrade, users that don't migrate over from Ethereum risk losing their old, inactive listings — which currently require no gas fees for migration. Major nonfungible token (NFT) marketplace OpenSea has reportedly fallen victim to an ongoing phishing attack within hours after announcing a week-long planned upgrade to delist inactive NFTs on the platform. However, the urgency and short deadline opened up a small window of opportunity for hackers. Within …
Adoption / Feb. 20, 2022
Crypto hacks are set to hit all-time highs in 2022, analyst explains
Reducing the amount of hacking by improving cybersecurity should be considered a top priority for the crypto industry, said Kim Grauer, director of research of blockchain intelligence firm Chainalysis. As pointed out by the firm, this year could outpace 2021 in terms of crypto stolen through hacks. The vast majority of these exploits have been targeting the field of decentralized finance. “This can't go on in the industry because people are going to lose faith in investing in DeFi platforms”, Grauer said in an interview with Cointelegraph. Unlike centralized exchanges, which have improved their resiliency to crypto hacks, decentralized protocols …
Blockchain / Oct. 19, 2022
Crypto wallets: An important battlefront to gain wallet share and mind share
Digital wallets are software constructs that mimic physical wallets and provide the functionality of storing, using and categorizing payment instruments. The journey of digital wallets started with payments and morphed to other forms of stubs such as digital passes, tickets and boarding passes. However, crypto wallets attempt to redefine the digital wallet landscape as something more than safe storage of payment and crypto instruments. With more than 100 crypto wallets and growing, this sector in the cryptosphere is getting crowded and adding further complexity to an already fragmented blockchain and digital asset space. As I study this space and try …
Decentralization / Aug. 29, 2021
Ethereum white paper predicted DeFi but missed NFTs: Vitalik Buterin
Rounding up the last decade, Ethereum co-founder Vitalik Buterin revisited his predictions made over the years, showcasing a knack for being right about abstract ideas than on-production software development issues. Buterin started the Twitter thread by addressing his article dated Jul. 23, 2013 in which he highlighted Bitcoin's (BTC) key benefits — internationality and censorship resistance. Buterin foresaw Bitcoin’s potential in protecting the citizens’ buying power in countries such as Iran, Argentina, China and Africa. However, Buterin also noticed a rise in stablecoin adoption as he saw Argentinian businesses operating in Tether (USDT). He backed up his decade-old ideas around …
Adoption / Jan. 2, 2022
Bored Ape Yacht Club NFTs stolen in Instagram phishing attack
As told by Bored Ape Yacht Club (BAYC) developers on Monday, hackers breached the popular nonfungible token (NFT) collection’s official Instagram page and shared links to a fake airdrop with the project’s followers. Crypto enthusiasts who connected their MetaMask wallets to the scam website were subsequently drained of their Ape NFTs. It appears that the attack was planned to coincide with the one-year anniversary of the launch of the BAYC collection, thus increasing the “perceived credibility” of the phishing link. Unconfirmed reports on social media indicate that approximately 100 NFTs were stolen during the phishing attack. Based on data from …
Adoption / April 25, 2022