A prominent blockchain security firm has exposed the existence of numerous phishing websites that are targeting the Web3 lifestyle fitness app, STEPN. According to PeckShield, hackers insert a forged MetaMask browser plugin through which they can then steal the seed phrases from unsuspecting STEPN users.

The STEPN move-to-earn platform has experienced tremendous growth in 2022, with over 100,000 daily active users reported as of March. Some users may be new to cryptocurrency and therefore more vulnerable to hackers.

When these cybercriminals obtain the seed phrase, they gain complete control over the STEPN user’s dashboard.  They are then able to connect their stolen wallets to their own or “claim” a giveaway according to PeckShield.

PeckShield has urged STEPN users to contact support as soon as possible if they detect anything suspicious with their accounts. Some customers stated they had encountered issues, reported them to support and resolved the problem.

STEPN however has yet to provide any official remarks about the hackers. The phishing notification was reported nearly 20 hours after the Web3 lifestyle app finished its AMA session on Twitter spaces. PeckShield is a popular Twitter account where the cryptocurrency community may learn about hacks or phishing scams.

STEPN is a Solana-based move-to-earn game where users buy non-fungible token (NFT) sneakers to begin playing. The app monitors users’ movement through the GPS on their mobile phones and gives them in-game tokens called Green Satoshi Tokens (GSTs). These tokens can then be traded for USD Coin (USDC) or Solana (SOL), allowing users to cash out.

Phishing attacks, rug pulls and protocol exploits have become more prevalent in the cryptocurrency industry as decentralized finance (DeFi) and NFTs have become popular. These types of attacks are not new, but they are continually evolving to take advantage of users in different ways.

Related: Trezor investigates potential data breach as users cite phishing attacks

In March, the Ronin bridge on Axie Infinity was attacked and robbed of more than $600 million in Ether (ETH) and USD Coin. As reported by Cointelegraph recently, in a cryptocurrency heist gone wrong, an attacker fumbled their getaway at the finish line, leaving behind over $1 million in stolen crypto. Earlier this year, $80 million in crypto was stolen from Qubit Finance. Hackers duped the protocol into thinking they had put down collateral which allowed them to mint a bridged currency asset.

Disclaimer: Although the material contained in this website was prepared based on information from public and private sources that chiliznews.com believes to be reliable, no representation, warranty or undertaking, stated or implied, is given as to the accuracy of the information contained herein, and chiliznews.com expressly disclaims any liability for the accuracy and completeness of the information contained in this website.