Ethereum Denver conference website is the latest phishing target of a smart contract that has stolen over $300,000 in Ether.
This week, hackers duplicated the popular conference’s website in order to trick users into connecting their MetaMask wallets. Over the past six months, Blockfence, the company that identified the fraudulent website, reported that the smart contract accessed over 2,800 wallets and stole over $300,000. ETHDenver also issued a warning to its Twitter followers about the malicious website.
According to Blockfence CEO Omri Lahav, users were prompted to connect their MetaMask wallets via the standard “connect wallet” button. The website requests a transaction, which, if accepted, executes the malicious function and steals the users’ funds.
The incident was discovered by Blockfence’s research team while tracking various industry trends. Lahav claimed that the smart contract used to carry out the scam had stolen over 177 ETH since its deployment in the middle of 2022:
“Since the smart contract was deployed almost six months ago, it may have been used on other phishing websites.”
Hackers had even paid for a Google advertisement to promote the malicious website’s URL, banking on high search trends with ETHDenver taking place on February 24 and 25. A Google search yielded the fake website second, ahead of the official ETHDenver website.