A smart contract has stolen more than $300,000 worth of Ethereum via phishing on a fake website of the popular Ethereum Denver conference.
More than 2,800 wallets infected
Hackers this week copied the popular conference’s website to trick users into connecting their MetaMask wallets, making the conference the latest victim of phishing. Blockfence, which identified the fraudulent website, reported that its associated smart contract infected more than 2,800 wallets and stole more than $300,000 in the past six months.
Over 177 ETH stolen
According to Blockfence CEO Omri Lahav, the scam prompted users to connect their MetaMask wallet via the usual button. However, when this was subsequently done, a malicious function was executed and money was stolen from victims.
According to the Blockfence research team, the smart contract responsible for this has already stolen more than 177 Ethereum (ETH). The smart contract was drawn up in mid-2022. Blockfence said the following about this:
Since the smart contract was implemented almost 6 months ago, it is possible that it has been used on other phishing websites as well.
The hackers reportedly even went so far as to pay for a Google ad to promote the malicious website’s URL, taking into account the high search trends, with ETH Denver taking place on February 24 and 25. The fake website appeared 2nd on a Google search, above the real ETH Denver website. As a result, it was expected that a lot could be stolen unnecessarily. Finally, it is not known whether a solution will be found (in the short term).