Millions of Dollars Stolen From BlockFi and FTX Lenders in Phishing Scam

Clients of the bankrupt crypto platforms BlockFi and FTX were sent a rather convincing phishing email claiming to come from the platforms, asking them to confirm their wallets to complete the withdrawal of the remaining funds.

According to a Reddit thread, many users fell victim to this clever scam and had their crypto wallets emptied. In just five days, losses from the ongoing fraud amounted to $7 million.

A researcher under the nickname Plum notes that scammers managed to steal millions in just five days.

Source: X-account of a researcher under the nickname Plum

Phishing attack
BlockFi was a digital asset lender but filed for bankruptcy protection after losing access to its funds following the bankruptcy of cryptocurrency exchange FTX and the closure of Silicon Valley Bank.

In October 2023, BlockFi completed bankruptcy and announced that customers would be able to claim their remaining crypto assets in stages over the course of several months.

The organizers of the current phishing attack pretended to be the BlockFi team. It was done quite professionally: no typos, well-constructed text and a high-quality imitation of the brand (including the BlockFi logo).

Phishing email pretending to be BlockFi (Source: BlockFi)

The fraudulent emails come from the address "[email protected]" and do not appear to have been caught by email clients' spam filters as potentially malicious.

Victims receive emails from purported restructuring teams with updates on court cases. Users are offered the opportunity to withdraw digital assets by clicking on a link to confirm wallet ownership.

Some recipients note that they received these emails at an email address they used exclusively for BlockFi. According to user Plum, these email addresses were likely obtained as a result of the January MailerLite database hack. Similar emails, but with a different company logo, were also sent to FTX customers/creditors.

In August 2023, attackers managed to gain access to personal information of bankruptcy claimants of BlockFi, FTX and Genesis, which was stored by the consulting firm Kroll, responsible for managing claims on their behalf.

BlockFi's response
BlockFi issued a release Friday about an increase in phishing attempts against its customers.

“As we approach the completion of the first phase of withdrawals through the BlockFi app, we expect an increase in phishing attempts and spam calls,” the company said in a statement.

The company advises customers to be especially wary of phishing attacks via email and to be alert to unusual forms of communication such as calls, text messages or social media posts.

Customers who have fallen victim to this recent phishing scam and have connected their wallets to the website should immediately revoke smart contract access and app access to their wallet.

AML Crypto opinion
Our team has repeatedly noted that phishing is one of the most popular schemes among scammers. It can be simple to implement, reach many potential victims, and generate millions of dollars for its organizers. The current situation with BlockFi and FTX is further confirmation of this.

In this article we described this scheme in detail, indicated precautions and steps to take if you do fall for the scammers’ trick.

We also remind you that you can check your crypto wallet for purity, perform an AML address check, and track a transaction, among other things, in our solution Btrace. AML wallet verification is free for every new user. If a message that seems suspicious to you contains a cryptocurrency address, be sure to check it.