Sophisticated Email Phishing Targets Bankrupt Crypto Firms’ BlockFi, FTX Creditors

Sujha Sundararajan
Last updated: | 1 min read

Crypto scammers are targeting the creditors of bankrupt digital asset firms FTX and BlockFi, according to online blockchain sleuth Plumferno.

FTX and BlockFi claimants received legit-looking fraudulent emails luring them with a promise of instant withdrawals of their remaining balances.

Source: X

“The emails appear to come from the BlockFi restructuring team with an update on their court case and offer affected users the chance to withdraw their remaining balances,” security expert Plumferno flagged in a thread on X (Twitter).

Creditors of these beleaguered exchanges have been waiting for their reimbursements ever since a New Jersey bankruptcy court approved BlockFi’s plan to refund Wallet customers in full in October 2023.

The scammers have made use of creditor’s frustrations to amass at least $7 million worth of digital assets and NFTs.

“Sophisticated ongoing phishing scam carried out by one of PinkDrainer’s customers, with losses (so far) of nearly $7 million over the last 5 days.”

Pink Drainer is a threat group which are predominantly phishing-oriented, targeting cryptocurrency investors.

The blockchain analyst further noted that some of the creditors are even unaware that they are being robbed.

“The worst part of this scam is that most of the assets have been stolen from dormant wallets – people who were likely affected by the BlockFi bankruptcy and haven’t touched the funds since,” the analyst wrote.

Additionally, this email scam is also prevailing among FTX creditors. The reimbursement update from legit-looking FTX mail said that the company is undergoing “restructuring efforts.”

“FTX is now moving forward with allowing all users to fully withdraw their assets,” the mail read.

BlockFi, FTX Creditors’ Email List Stolen From Mailer Lite’s Scam

Plumferno added that the perpetrators utilized a network of compromised emails from Mailer Lite’s data breach that occurred in January.

“It is very likely these emails are due to the MailerLite database breach in January,” Plumferno noted. “This is because the same sender info is present on both these fake BlockFi emails.”

The blockchain investigator first took notice of the scam after an influx of nearly $4.5 million in Ether entered the scammer’s wallet last week.

Additionally, per reports, scammers also received blue-chip NFTs, including Mutant Apes, and Otherdeed.