navbar
News & events
Official Statement on the Recent Malicious Attack 
Bogdan Cretu Avatar Bogdan Cretu
May 14, 2022
2 min read

We want to thank everyone for the swift response in reporting the recent issue to us, our partners, and others in the crypto community. 

Our team has resolved the problem and is now working closely with advertisers and publishers to reduce the impact of the malicious attack and implement stronger safeguards to prevent it from happening again. 

We’re sharing this post to explain exactly what went down—but first, it’s important to make one thing clear: none of our publishers or advertisers were responsible for the incident

What Exactly Happened 

A malicious actor managed to insert a harmful script into an HTML5 banner, which unfortunately passed our automated security checks. 

They launched a campaign while posing as an affiliate for one of our major advertisers. The campaign ran for just under an hour. As soon as our team was alerted, we took immediate action—shutting down the campaign and locking the user’s account. 

Once the campaign was live and began serving impressions, users were met with a pop-up impersonating MetaMask. It prompted them to connect their wallet. 

After that, it claimed they had won a free Bored Ape NFT and asked them to sign a message. Once the message was signed, the user was then asked to approve access to their funds. Approving it gave the attacker access, leading to a drain of WETH from the user’s wallet. 

How We Responded 

After disabling the malicious campaign and locking the attacker’s account, our team immediately began working with advertisers and publishers to minimize the damage. 

We’ve paused the delivery of all external HTML5 banners and are now manually reviewing and internally recreating this type of ad content. 

We also blocked all external resources and are implementing additional security measures to ensure this kind of issue doesn’t happen again. 

Right now, we’re in direct contact with all affected websites and are actively discussing how we can support impacted users. 

How to Avoid Falling For This Type of Scam 

Be extremely cautious with crypto transactions—even on websites you trust. 

Malicious actors always look for ways to trick users and drain their wallets. Double-check that the site you’re on is legitimate and has a valid SSL certificate, and always remember: if it sounds too good to be true, it probably is.

Keep reading
News & events Coinzilla Turns 5 | We’re Celebrating Growth 
Bogdan Cretu
Nov 9, 2021
4 min read
News & events Beware of the Coinzilla Desktop App scam
Bogdan Cretu
Nov 15, 2022
1 min read
News & events Official Statement About the Coinzilla Fake Token
Bogdan Cretu
Oct 22, 2022
1 min read
image-get-started

Get your brand in front of the right audience.

Get Started
Scroll to Top

Our top picks

User guides Creating Your First Crypto Advertising Campaign with Coinzilla
Bogdan Cretu
Oct 22, 2022
15 min read
User guides Coinzilla Marketplace Offers Explained
Bogdan Cretu
May 18, 2022
8 min read
User guides Campaign Tracking | How to Successfully Track Your Campaigns 
Bogdan Cretu
Oct 1, 2019
10 min read
introducing card deposits on coinzilla
Product updates Card Deposits Now Available on Coinzilla
Bogdan Cretu
Jan 16, 2025
2 min read
Contact Our Sales Team
Send us a message
footer-ilustration footer-ilustation