Join Our Telegram channel to stay up to date on breaking news coverage
With the start of the new year, crypto prices have slowly started to recover from a year-long bear market, which started bringing investors back into the industry. People are becoming more willing to invest in projects, and various events that the industry participants are organizing are attracting attention once more.
This also makes it a perfect time for hackers to launch phishing campaigns and once again rob unsuspecting newcomers to the industry. Security researchers have already reported one such campaign, where the hackers have created a fake website of the popular Ethereum Denver conference. The campaign is also tied to a smart contract that contains over $300,000 in stolen ETH coins.
The wallet tied to the scam stole $300k in crypto
Ethereum Denver is, of course, a real conference and a very popular one, at that. However, its website has been duplicated by online criminals who seek to trick users into connecting their MetaMask wallets to the fake site. On the other end, the hackers would be able to see their login credentials, and empty their wallets by sending the funds to their own smart contract.
The fake site was identified by researchers from Blockfence, which reported it on Twitter. They said that the red-flagged smart contract has accessed over 2,800 crypto wallets over the past three months, stealing over $300k in digital currencies.
Another day, another scam.
This time the scammer targeted the @EthereumDenver website. Blockfence is here to protect you and fight scammers together: The scam contract was marked as "High Risk" by our ML algorithm and our partners at @GoplusSecurity pic.twitter.com/Jdtoz2Bgu4— Blockfence (@blockfence_io) February 20, 2023
After learning of the fake website, ETHDenver also notified the followers, warning them of the scammers. “Please be aware that there is a FAKE ETHDenver website that is asking for you to connect your wallet. “Go-ETHDenver” is not us. Please report the site,” they said.
Hello Fellow Bufficorns!!
Please be aware that there is a FAKE ETHDenver website that is asking for you to connect your wallet.
“Go-ETHDenver” is not us. Please report the site! pic.twitter.com/1dt4hYmfvO
— ETHDenver 🏔🦬🦄 (@EthereumDenver) February 20, 2023
Hackers used Google advertisement to promote the fake site
Omri Lahav, the CEO of Blockfence, said that users who arrived at the fake website saw the usual Connect Wallet button that allowed them to connect their MetaMask wallets. The site then prompts a transaction that carries out a malicious function if the users approve it. After that, the users’ funds are as good as gone.
Blockfence also shared that they discovered the new campaign by tracking different trends in the crypto sector. Blockfence CEO added that the smart contract tied to the scam was deployed in mid-2022. Since then, it has managed to steal around 177 ETH. He also noted that it is possible that the same contract was used on other phishing sites.
The hackers have gone quite far to promote their fake Ethereum Denver site, even paying for Google advertisement to promote the URL. They counted on high interest in the conference, which would lead users to search for it, and run into their website first, rather than the real one.
The conference itself will take place in three days, on February 24th and 25th. The fake site actually appeared second on a Google search, which made the scam quite successful.
Related
- Halborn security firm warns of phishing campaign on MetaMask
- MetaMask warns of potential iCloud phishing attacks
- New Phishing Bot Detected by MetaMask
Most Searched Crypto Launch - Pepe Unchained
- Layer 2 Meme Coin Ecosystem
- Featured in Cointelegraph
- SolidProof & Coinsult Audited
- Staking Rewards - pepeunchained.com
- $40+ Million Raised at ICO - Ends December
Join Our Telegram channel to stay up to date on breaking news coverage