Scam alert: $300K stolen by fake Blur airdrop websites

Ethereum

Scammers continue to prey on nonfungible token (NFT) users looking to claim Blur (BLUR) token airdrops through numerous scam websites.

According to data from TrustCheck, over $300,000 has been stolen from unsuspecting users that have linked wallets to malicious websites.

The legitimate Blur platform is a newcomer to the NFT marketplace space, making waves in the industry with booming user numbers and trading volume directly resulting from the platform’s three-phase airdrop incentive scheme. 10% of Blur’s total token supply was distributed to users based on their trading activity in its second token airdrop scheme from Feb. 15.

The first airdrop was retroactive, awarding tokens to anybody who traded an NFT on Ethereum in the six months leading up to the platform’s launch in October 2022. The second airdrop awarded tokens to users who listed NFTs before Dec. 6, while the third awarded tokens to users placing bids on the platform after the feature went live.

Related: What is a phishing attack in crypto, and how to prevent it?

Given the incentive program’s mechanics, many users have been looking to claim BLUR tokens across the NFT ecosystem. This created an opportunity for scammers to promote fake airdrop links to malicious websites.

Data shared with Cointelegraph from Ethereum-based Web3 browser security extension TrustCheck, reveals that over $300,000 worth of funds have been stolen from 24 different scam websites since Feb. 15. A handful of these websites are still functional, with users warned to be wary when connecting wallets.

The websites use smart contracts that automatically prompt transactions when users connect their Ether (ETH) wallets. All the ETH from the wallet is then drained to a specific address, which has allowed TrustCheck to keep tabs on the number of funds stolen to date.

Tools like TrustCheck will flag suspicious websites and transactions, warning Web3 users of potential fake websites and smart contracts.

Blur has also been in the spotlight due to reports of users carrying out NFT wash trading in order to cash in on its token airdrop incentive scheme. However, data analytics carried out by data scientist Hildebert Moulié on Dune suggests that Blur’s NFT trading volumes are legitimate.

Fake websites and phishing attacks are commonplace across the internet, while scammers continue attempts to drain funds through Web3 functionality. In February 2023, a URL masquerading as the ETHDenver conference website was linked to a notorious phishing wallet address that has stolen over $300,000 to date.

In late 2022, scammers also preyed on FTX investors by using phishing websites scrambling to recoup funds after the implosion of the failed cryptocurrency exchange.