FTX Customers Hit by 'Withdrawal' Phishing Mails After SIM Swap Attack
Woes for users of Sam Bankman-Fried's former company show no signs of stopping.
Aug 29, 2023 at 6:44 a.m. UTC
/arc-photo-coindesk/arc2-prod/public/LXF2COBSKBCNHNRE3WTK2BZ7GE.png)
FTX customers continue to be plagued by issues several months after the exchange shut down, blocking millions of users from accessing billions in capital stored on the disgraced exchange.
Some former users are getting hit by a new phishing attack on their FTX-registered emails a week after Kroll, the claims agent in the bankruptcy proceedings, was impacted by a SIM swapping attack. The attack leaked personal information of customers, such as account balances, phone numbers and home addresses.
Customer data of other bankrupt crypto firms Genesis and lender BlockFi were also leaked in that attack. Crypto account passwords and other sensitive data weren’t affected, but customers were warned to be on the lookout for scammers impersonating parties in the bankruptcy.
Whoever got their hands on this goldmine of information lost no time in crafting hopeful emails that purport to return the lost capital to holders – as long as they first connect a crypto wallet to the account.
“You have been identified as an eligible client to begin withdrawing digital assets from your FTX account,” an email sent to several FTX creditors, viewed by CoinDesk, read. “Withdrawals will be dispatched in USDC matched to the balance of digital assets held in your wallet at the time of platform pause.”
“You can now withdraw to an external ERC20 wallet by clicking the withdraw now button,” the phishing mail states.
Connecting a wallet to such a phishing mail is likely to drain one’s token holdings, as it may request private key data to conduct the transfer.
SIM swapping happens when scammers contact your mobile phone's carrier and trick them into activating a SIM card that the fraudsters have. The scammers then target phone numbers and use a victim’s information to steal passwords, financial data, cryptocurrencies and other valuable items.
Meanwhile, on Saturday, FTX said it had taken a “precautionary measure of temporarily freezing affected user accounts within the customer claims portal.” The claims portal is an official platform where creditors can submit details about their accounts.
:format(webp)/s3.amazonaws.com/arc-authors/coindesk/6c6bb5af-692c-4fcf-9f8b-a75d0549effd.png)
Shaurya is the Deputy Managing Editor for the Data & Tokens team, focusing on decentralized finance, markets, on-chain data, and governance across all major and minor blockchains.