Scam alert: $300,000 stolen by fake Blur airdrop websites
Scammers continue to prey on nonfungible token (NFT) users looking to claim Blur token airdrops through the use of numerous scam websites.
According to data from TrustCheck, over $300,000 has been stolen from unsuspecting users that have linked wallets to malicious websites.
The legitimate Blur platform is a newcomer to the NFT marketplace space and has made waves in the industry, with booming user numbers and trading volume a direct result of the platform’s three-phase airdrop incentive scheme. 10% of Blur’s total token supply was distributed to users based on their trading activity in its second token airdrop scheme from Feb. 15.
The first airdrop was retroactive, awarding tokens to anybody who traded an NFT on Ethereum in the six months leading up to the platform’s launch in October 2022. The second airdrop awarded tokens to users who listed NFTs before Dec. 6, while the third airdrop awarded tokens to users placing bids on the platform after the feature went live.
Related: What is a phishing attack in crypto, and how to prevent it?
Given the incentive program’s mechanics, many users have been looking to claim $BLUR tokens across the NFT ecosystem. This created an opportunity for scammers to promote fake airdrop links to malicious websites.
Data shared with Cointelegraph from Ethereum-based Web3 browser security extension TrustCheck reveals that over $300,000 worth of funds have been stolen from 24 different scam websites since Feb. 15. A handful of these websites are still functional, with users warned to be wary when connecting wallets.
A screenshot of a fake website looking to scam users attempting to claim $BLUR token airdrops. Source: TrustCheck
The websites make use of smart contracts that automatically prompt a transaction when users connect their ETH wallets. All the ETH from the wallet is then drained to a specific address, which has allowed TrustCheck to keep tabs on the number of funds stolen to date.
Tools like TrustCheck will flag suspicious websites and transactions, warning Web3 users of potential fake websites and smart contracts.
Blur has also been in the spotlight due to reports of users carrying out NFT wash trading in order to cash in on its token airdrop incentive scheme. However, data analytics carried out by data scientist Hildebert Moulié on Dune suggests that Blur’s NFT trading volumes are legitimate.
Fake websites and phishing attacks are commonplace across the internet, while scammers continue attempts to drain funds through Web3 functionality. In February 2023, a URL masquerading as the ETH Denver conference website was linked to a notorious phishing wallet address that has stolen over $300,000 to date.
Scammers also preyed on FTX investors using phishing websites in late 2022 that were scrambling to recoup funds after the implosion of the failed cryptocurrency exchange.