Affected FTX cryptocurrency exchange customers received fake withdrawal mailings
Affected FTX cryptocurrency exchange customers received a fake withdrawal mailing
The mailing came to FTX-registered addresses a week after the hack of contractor Kroll
Customers of the bankrupt crypto exchange FTX received phishing emails with a link to a fake website that promised a withdrawal of funds from the affected user's account. This followed an attack via SIM swapping (aka SIM swiping) on one of the employees of a company that handles claims from the exchange's customers, Coindesk reported.
"You have been identified as a customer eligible to start withdrawing digital assets from your FTX account <...> You can now withdraw funds to an external ERC20 wallet by clicking the 'Withdraw Now' button," the emails read.
A link from the email leads to a phishing site mimicking a legitimate FTX page requesting authorization through an Ethereum cryptocurrency wallet (such as MetaMask). When the wallet is connected, a malicious smart contract (a so-called drainer) is triggered, causing the victim's wallet to be debited of all available assets.
The mailing came to FTX-registered email addresses a week after Kroll, the site's bankruptcy claims agent, was hit by a SIM swap attack. The attack leaked customers' personal information such as account balances, phone numbers, and home addresses.
The attack also leaked customer data of other bankrupt cryptocurrency companies, Genesis and BlockFi. Passwords to cryptocurrency accounts and other sensitive data were not affected, but customers were warned to be cautious as scammers may pose as participants in the bankruptcy process, the publication writes.
In August, it was reported that crypto exchange FTX would sell $3 billion worth of cryptocurrencies to compensate customers in dollars. Hedging risks will help to avoid a drop in the value of cryptocurrency assets worth more than $3 billion, according to lawyers of the crypto exchange.
Earlier, a hacker from the United States received a prison sentence for stealing $20 million worth of cryptocurrency through SIM card swapping. The criminal deceived customer service and gained control over the SIM cards of future victims, after which he hacked cryptocurrency wallets.
- OnlyFans founder OnlyFans disclosed losses from cryptocurrency investments
- U.S. Treasury to introduce tax rules for cryptocurrency
- JPMorgan predicted a "limited downturn" in the cryptocurrency market
- US authorities accidentally sent $55k in cryptocurrency to a fraudster
- Mastercard and Binance will stop cooperating on cryptocurrency cards
- Nodal Power raises $13 million to mine cryptocurrencies in landfills
- Robinhood has become the third largest holder of $3 billion worth of bitcoin