FTX Customers Hit by 'Withdrawal' Phishing Mails After SIM Swap Attack

Woes for users of Sam Bankman-Fried's former company show no signs of stopping.

AccessTimeIconAug 29, 2023 at 6:44 a.m. UTC
Updated Aug 29, 2023 at 5:16 p.m. UTC

FTX customers continue to be plagued by issues several months after the exchange shut down, blocking millions of users from accessing billions in capital stored on the disgraced exchange.

Some former users are getting hit by a new phishing attack on their FTX-registered emails a week after Kroll, the claims agent in the bankruptcy proceedings, was impacted by a SIM swapping attack. The attack leaked personal information of customers, such as account balances, phone numbers and home addresses.

Customer data of other bankrupt crypto firms Genesis and lender BlockFi were also leaked in that attack. Crypto account passwords and other sensitive data weren’t affected, but customers were warned to be on the lookout for scammers impersonating parties in the bankruptcy.

Whoever got their hands on this goldmine of information lost no time in crafting hopeful emails that purport to return the lost capital to holders – as long as they first connect a crypto wallet to the account.

“You have been identified as an eligible client to begin withdrawing digital assets from your FTX account,” an email sent to several FTX creditors, viewed by CoinDesk, read. “Withdrawals will be dispatched in USDC matched to the balance of digital assets held in your wallet at the time of platform pause.”

“You can now withdraw to an external ERC20 wallet by clicking the withdraw now button,” the phishing mail states.

Connecting a wallet to such a phishing mail is likely to drain one’s token holdings, as it may request private key data to conduct the transfer.

SIM swapping happens when scammers contact your mobile phone's carrier and trick them into activating a SIM card that the fraudsters have. The scammers then target phone numbers and use a victim’s information to steal passwords, financial data, cryptocurrencies and other valuable items.

Meanwhile, on Saturday, FTX said it had taken a “precautionary measure of temporarily freezing affected user accounts within the customer claims portal.” The claims portal is an official platform where creditors can submit details about their accounts.

Edited by Parikshit Mishra.


Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. In November 2023, CoinDesk was acquired by the Bullish group, owner of Bullish, a regulated, digital assets exchange. The Bullish group is majority-owned by Block.one; both companies have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary with an editorial committee to protect journalistic independence. CoinDesk employees, including journalists, may receive options in the Bullish group as part of their compensation.

Shaurya Malwa

Shaurya is the Deputy Managing Editor for the Data & Tokens team, focusing on decentralized finance, markets, on-chain data, and governance across all major and minor blockchains.

Read more about