Pudgy Penguins Launched A New Game. Crypto Scammers Made A Fake Version

A fake website impersonating Pudgy Penguins’ recently launched Pudgy World browser crippled is attempting to bargain cryptocurrency wallet passwords, cybersecurity steadfast Malwarebytes Labs warned Tuesday.

In a report, Malwarebytes said the phishing operation, pudgypengu-gamegifts[.]live, uses highly convincing replicas of crypto wallet interfaces to deceive users. “Some features are tied to integer collectibles and in-game items stored successful cryptocurrency wallets. That means the authoritative crippled sometimes asks players to link a crypto wallet to verify ownership of items oregon unlock further features,” Stefan Dasic, elder malware probe technologist and study writer said.

“The phishing tract abuses that step: When a visitant selects their wallet connected this fake site, it shows what appears to beryllium that wallet’s ain unlock screen. To the user, it looks for each the satellite similar the existent crypto wallet bundle they already trust.”

Phishing remains 1 of the astir wide forms of cybercrime. According to the FBI’s Internet Crime Complaint Center (IC3), phishing and spoofing scams accounted for 193,407 complaints successful 2024, with reported losses exceeding $70 million. It is not known if anyone has fallen unfortunate to this peculiar site.

What is Pudgy World?

The informing comes a week aft the motorboat of Pudgy World, a free-to-play browser crippled tied to the Pudgy Penguins NFT brand. The game, which went unrecorded connected March 10, allows players to research a virtual world, customize penguin avatars and implicit quests, with immoderate features requiring users to link cryptocurrency wallets.

Pudgy Penguins has grown rapidly since being acquired by CEO Luca Netz successful 2022, expanding from an NFT postulation into a broader user marque with retail products, a mobile crippled and present a browser-based game. The postulation has a level terms of 4.25 ETH ($9,500), according to CoinGecko, acold beneath 88.3% its December 2024 precocious of 36.33 ETH.

Dasic said the timing of the run appears deliberate, coinciding with the game’s motorboat and the influx of caller users unfamiliar with crypto wallet information practices.

“The scope of wallets targeted is besides significant. The run leaves astir nary wallet unsighted spot," helium said. "Whether the unfortunate holds Ethereum, Solana, oregon multi-chain assets, determination is simply a convincing forgery waiting for them.”

“Building 11 wallet-specific UI forgeries is not a trivial undertaking," Dasic added, noting that it suggests either a "well-resourced menace actor" oregon the reuse of a commercialized phishing kit built for this people of attack.

Such tactics are communal successful crypto-related scams, wherever attackers registry domains that intimately lucifer morganatic ones oregon manipulate hunt ads to look authentic. For example, fraudsters whitethorn nonstop retired official-looking emails utilizing a domain with “.qov” alternatively of “.gov” successful the hopes radical won’t announcement the flimsy difference.

Pudgy Penguins has antecedently been targeted by scammers utilizing fake sites. In December 2024, blockchain information steadfast Scam Sniffer warned that attackers were utilizing malicious Google ads to impersonate Pudgy Penguins platforms and instrumentality users into connecting their wallets.

Users are advised to entree authoritative sites lone done trusted bookmarks, debar clicking links from societal media oregon nonstop messages, and retrieve that morganatic wallet password prompts bash not look wrong webpage content. Malwarebytes besides recommended changing wallet passwords instantly if credentials were entered connected a suspicious tract and considering moving funds to a caller wallet if compromise is suspected.

Pudgy Penguins has been approached for comment.