FTX Customers Hit by 'Withdrawal' Phishing Mails After SIM Swap Attack
Woes for users of Sam Bankman-Fried's former company show no signs of stopping.
Aug 29, 2023 at 6:44 a.m. UTCFTX customers continue to be plagued by issues several months after the exchange shut down, blocking millions of users from accessing billions in capital stored on the disgraced exchange.
Some former users are getting hit by a new phishing attack on their FTX-registered emails a week after Kroll, the claims agent in the bankruptcy proceedings, was impacted by a SIM swapping attack. The attack leaked personal information of customers, such as account balances, phone numbers and home addresses.
Customer data of other bankrupt crypto firms Genesis and lender BlockFi were also leaked in that attack. Crypto account passwords and other sensitive data weren’t affected, but customers were warned to be on the lookout for scammers impersonating parties in the bankruptcy.
Whoever got their hands on this goldmine of information lost no time in crafting hopeful emails that purport to return the lost capital to holders – as long as they first connect a crypto wallet to the account.
“You have been identified as an eligible client to begin withdrawing digital assets from your FTX account,” an email sent to several FTX creditors, viewed by CoinDesk, read. “Withdrawals will be dispatched in USDC matched to the balance of digital assets held in your wallet at the time of platform pause.”
“You can now withdraw to an external ERC20 wallet by clicking the withdraw now button,” the phishing mail states.
Connecting a wallet to such a phishing mail is likely to drain one’s token holdings, as it may request private key data to conduct the transfer.
SIM swapping happens when scammers contact your mobile phone's carrier and trick them into activating a SIM card that the fraudsters have. The scammers then target phone numbers and use a victim’s information to steal passwords, financial data, cryptocurrencies and other valuable items.
Meanwhile, on Saturday, FTX said it had taken a “precautionary measure of temporarily freezing affected user accounts within the customer claims portal.” The claims portal is an official platform where creditors can submit details about their accounts.
DISCLOSURE
Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.
The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups. As part of their compensation, certain CoinDesk employees, including editorial employees, may receive exposure to DCG equity in the form of stock appreciation rights, which vest over a multi-year period. CoinDesk journalists are not allowed to purchase stock outright in DCG.
:format(webp)/s3.amazonaws.com/arc-authors/coindesk/6c6bb5af-692c-4fcf-9f8b-a75d0549effd.png)
Shaurya is the Deputy Managing Editor for the Data & Tokens team, focusing on decentralized finance, markets, on-chain data, and governance across all major and minor blockchains.
Learn more about Consensus 2024, CoinDesk’s longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to consensus.coindesk.com to register and buy your pass now.