Hackers Started Scamming Crypto Users with Phishing
Hackers have decided that using the good old phishing technique in the vastness of Web3 is not a bad idea. This time, ETHDenver suffered, with hundreds of thousands of dollars stolen.
Phishing is an old method of scamming someone. It is simple to execute, but it does not work very well if the victim knows the basics of digital hygiene. The essence of phishing is to create a complete copy of a website that will collect data entered by the user. Hackers most often use this method on social networks, as well as in SMS or emails.
The phishing scam is as follows:
- The hacker sends the user a link and an enticing message. Moreover, the link is often designed to look similar to the link of the legitimate site. For example, instead of "facebook.com" it might be written as "faceboook.com".
- If the user clicks on the link, they are directed to a site that looks nearly identical to the original. A form for entering login and password information appears on the site.
- If the user does not notice anything strange, they may enter their information. This information is then sent to the hackers.
Here is such a simple scheme, designed to take advantage of the user's negligence. There are even more complex types of phishing, where the user doesn't need to enter anything at all, but just needs to open a link so that the hacker can gain access to data or even the device. Therefore, you shouldn’t open any links or files if you don't trust the person who sent them.
Hackers are now using this old scam to deceive users of various crypto technologies. Recently, the ETHDenver project website fell victim to such a sting, as tweeted by Blockfence.
Another day, another scam.
— Blockfence (@blockfence_io) February 20, 2023
This time the scammer targeted the @EthereumDenver website. Blockfence is here to protect you and fight scammers together: The scam contract was marked as "High Risk" by our ML algorithm and our partners at @GoplusSecurity pic.twitter.com/Jdtoz2Bgu4
Blockfence CEO, Omri Lahav, told Cointelegraph the details of this scam. According to Lahav, hackers have been using the fake ETHDenver website since mid-2022. During which, they were able to steal over 177 ETH.
Lahav said that the smart contract executing the scam had stolen over 177 ETH since its deployment midway through 2022:
— Cointelegraph (@Cointelegraph) February 21, 2023
“Since the smart contract was deployed almost six months ago, it’s possible that it was used on other phishing websites.”
If Omri Lahav is correct, then ETHDenver did not notice the fake site for six months, because they wrote about its existence a few hours before the Blockfence message. Additionally, it is strange that Google placed an advertisement for a fake site when searching for "ethdenver".
Hello Fellow Bufficorns!!
— ETHDenver 🏔🦬🦄 (@EthereumDenver) February 20, 2023
Please be aware that there is a FAKE ETHDenver website that is asking for you to connect your wallet.
“Go-ETHDenver” is not us. Please report the site! pic.twitter.com/1dt4hYmfvO
Dear reader, if you do not want to become a victim of phishing, then always carefully examine the name of the site in the address bar. Do not open links and files from unknown sources, and do not enter your data until you are sure that everything is safe. And we continue to observe.