Fake Ethereum Denver website linked to notorious phishing wallet

cointelegraph.com:

A fake website of the popular Ethereum Denver conference is the latest phishing target of a red-flagged smart contract that has stolen over $300,000 worth of Ether (ETH).

The popular conference saw its website duplicated by hackers this week in order to trick users into connecting their MetaMask wallets. According to Blockfence, which identified the fraudulent website, the smart contract has accessed more than 2,800 wallets and stolen over $300,000 over the past six months.

Another day, another scam. This time the scammer targeted the @EthereumDenver website. Blockfence is here to protect you and fight scammers together: The scam contract was marked as "High Risk" by our ML algorithm and our partners at @GoplusSecurity pic.twitter.com/Jdtoz2Bgu4

ETHDenver also issued a notice to its followers on Twitter warning of the malicious website.

Hello Fellow Bufficorns!!Please be aware that there is a FAKE ETHDenver website that is asking for you to connect your wallet.“Go-ETHDenver” is not us. Please report the site! pic.twitter.com/1dt4hYmfvO

Blockfence CEO Omri Lahav told Cointelegraph that users were prompted to connect their MetaMask wallets via the usual “connect wallet” button. The website prompts a transaction that, if approved, carries out the malicious function and steals the users’ funds.

Blockfence’s research team identified the incident while tracking different trends in the industry. Lahav said that the smart contract executing the scam had stolen over 177 ETH since its deployment midway through 2022:

Hackers had gone as far as paying for a Google advertisement to promote the malicious website’s URL, banking on search trends being high, with ETHDenver taking place on Feb. 24 and 25. The fake website appeared second on a