A well-known blockchain security company, Peckshield, has disclosed that several online phishing platforms mimicking Stepn (a Web3-based lifestyle application) are actively working nowadays. A fake browser plugin for MetaMask is inserted by the attackers via which they potentially gain access to the unsuspecting Stepn customers’ seed phrases, per Peckshield.
After acquiring the respective seed phrase, the cybercriminals get a full-fledged control over the dashboard of the Stepn consumers, where the stolen wallets may be connected by them to the ones in their possession or can be claimed as giveaways. Peckshield took to its formal Twitter account to inform this, stating that many phishing sites have been identified by the security platform. It has persuaded the clients to get support as earliest as possible on finding anything unusual related to their accounts.
A few consumers disclosed that they had undergone problems, and then reported them to have support as well as the resolution of the issues. A consumer shared a Twitter post mentioning having encountered an analogous situation however asserted that the problem was resolved within minutes after the user contacted the support team. Nonetheless, no formal comments have been given by Stepn up till now.
The notification regarding phishing attacks was witnessed within 20 hours following the AMA session of the Web3-based lifestyle application was accomplished by it on Twitter spaces. The position of Peckshield is that of a renowned account on Twitter where substantial knowledge and awareness are provided to the crypto community regarding phishing scams or hacks. A game based on Solana, STEPN, permits the consumers to purchase NFT (non-fungible token) sneakers to start playing it.
The movement of the consumers is monitored on the behalf of the application via the GPS existing on the mobile phones of the clients and they are provided with in-game tokens named GSTs (Green Satoshi Tokens). After this the customers can trade the tokens in exchange for SOL (Solana) or USDC (USD Coin), having the ability to even cash them out.
Protocol exploits, rug pulls, and phishing attacks have turned more predominant across the crypto industry as NFTs (non-fungible tokens) and DeFi (decentralized finance) have gained a lot of popularity. Such attacks do not count to be unique, nevertheless are gradually advancing, taking benefit from consumers in diverse ways. In the previous month, an attack was witnessed on Axie Infinity-based Ronin bridge where up to $600m worth of USD Coin and ETH (Ether) was robbed.