Hackers continue to create fake Web3-enabled websites to fleece unsuspecting victims’ browser-based wallets, with ETHDenver being the latest victim.
A fake website of the popular Ethereum Denver conference is the latest phishing target of a red-flagged smart contract that has stolen over $300,000 worth of Ether.
The popular conference saw its website duplicated by hackers this week in order to trick users into connecting their MetaMask wallets. According to Blockfence, which identified the fraudulent website, the smart contract has accessed more than 2,800 wallets and stolen over $300,000 over the past six months.
ETHDenver also issued a notice to its followers on Twitter warning of the malicious website.
Blockfence CEO Omri Lahav told Cointelegraph that users were prompted to connect their MetaMask wallets via the usual “connect wallet” button. The website prompts a transaction that, if approved, carries out the malicious function and steals the users’ funds.
Blockfence’s research team identified the incident while tracking different trends in the industry. Lahav said that the smart contract executing the scam had stolen over 177 ETH since its deployment midway through 2022:
“Since the smart contract was deployed almost six months ago, it’s possible that it was used on other phishing websites.”
Hackers had gone as far as paying for a Google advertisement to promote the malicious website’s URL, banking on search trends being high, with ETHDenver taking place on Feb. 24 and 25. The fake website appeared second on a Google search, above the actual ETHDenver website.
Hacks and scams continue to be commonplace in the cryptocurrency ecosystem. 2022 saw over $2.8 billion of cryptocurrency stolen through a variety of hacks and exploits.