CAUTION!! Hackers are stealing security phrases from STEPN users, security experts warn

When these cybercriminals get the security phrase, they get full control over the STEPN user panel.

Peckshield, a major blockchain security company, exposed the existence of several phishing sites for the Web3 STEPN lifestyle application on Monday. Hackers insert a forged MetaMask browser plug-in, through which they can steal initial phrases from unsuspecting STEPN users, according to Peckshield.

Peckshield has asked STEPN users to contact support as soon as possible if they detect something suspicious in their accounts. Some customers stated that they encountered problems, reported them to support and solved the problem.

However, STEPN has not yet provided official comments on this. The phishing notification arrived almost 20 hours after the Web3 lifestyle app ended its Q&A session on Twitter. Peckshield is a popular Twitter account where the cryptocurrency community can learn about hacks or phishing scams.

STEPN is a game based on Solana where players buy NFT tennis to start playing. The application monitors the movement of users through GPS on their mobile phones and provides in-game tokens called Green Satoshi Tokens (GSTs). These currencies can be traded for USD Coin (USDC) or Solana (SOL), allowing users to withdraw them.

Phishing attacks, carpet pulls and protocol explorations have become more prevalent in the cryptocurrency industry as decentralized finance (DeFi) and non-fungible tokens (NFTs) became popular. These types of attacks are not new, but they are continuously evolving to take advantage of users in different ways.

Last month, the Ronin bridge in the Axie Infinity was attacked and stolen for more than $600 million in Ether (ETH) and USD Coin. As reported by Cointelegraph recently, in a cryptocurrency theft that went wrong, an attacker got in the way at the finish line, leaving behind more than $1 million in stolen cryptocurrencies. Earlier this year, $80 million in cryptocurrencies was stolen from Qubit Finance when hackers tricked the fingindor protocol that they had deposited guarantees, allowing them to mint a bridged cryptoasset.