Peckshield, a well-known blockchain security company, on Monday exposed the existence of numerous phishing websites for the STEPN Web3 application. According to their data, which they published on their Twitter page, the attackers insert a fake MetaMask crypto wallet plugin, with which they easily gain access to seed phrases from unsuspecting STEPN users. By gaining access to seed phrases, hackers also gain access to all user assets in the STEPN app, thereby they can transfer assets to their wallets or “claim” distribution, adds Peckshield.
Peckshield also urged all STEPN users to contact support as soon as possible if they find anything suspicious in their accounts. It is known that many users have already contacted the support service and solved the problem.
“I had exactly the same problem, but it was solved in a matter of minutes, as soon as I contacted the support service using the link below, you can try it too,” one of the active users of the STEPN project tweeted.
However, STEPN representatives have so far remained silent on this matter. The phishing notification allegedly appeared 20 hours after the app ended its AMA session on Twitter.
STEPN is a unique real-time NFT game where the app tracks the user’s movements and sports activity using GPS and then rewards them with NFT Green Satoshi Tokens (GSTs). These coins can then be exchanged for USD Coin (USDC) or Solana (SOL), allowing users to cash out. In order to become a member and start earning from your sports activities throughout the day, you need to purchase virtual NFT sneakers or rent them from one of the users.
Read Also: Reasons Why Non-Fungible Tokens Are a Good Way to Invest in Cryptocurrencies
Phishing attacks, ragpools, and protocol exploits have become especially popular as decentralized finance (DeFi) and non-fungible tokens (NFTs) are booming. These types of attacks are not new, but they are constantly evolving to take advantage of users in a variety of ways.
Last month saw the largest attack on the Ronin blockchain, resulting in the theft of over $600 million. It is known that government hackers from North Korea were behind the attack. The crypto community and large exchanges are actively engaged in recovering losses. Earlier this year, $80 million in cryptocurrency was stolen from Qubit Finance . And this month, the popular project Bored Ape Yacht Club was hacked at least three times. So, for example, yesterday, representatives of the project shared this on Twitter, saying that about $ 40 million in the form of tokens was stolen. However, this amount can be many times higher.