According to The Block, an email phishing scam targeting creditors of bankrupt cryptocurrency companies such as BlockFi and FTX has stolen at least $5 million worth of cryptocurrencies and NFTs in the past week, and the scam is still ongoing.
Web3 security expert Plumferno, on the X platform, discovered a sophisticated network phishing scam being executed by a customer using the malicious software tool “Pink Drainer,” with the source of the scam being fake emails impersonating BlockFi offering settlements and claims to creditors. Plumferno also received reports of similar phishing emails being sent to FTX users.
Plumferno suggests that the hackers likely obtained the email address list from stolen data of the email service provider Mailer Lite. Mailer Lite was hacked in January this year, leading to another major phishing scam that defrauded a large sum of money. Plumferno wrote on X:
Phishing email impersonating BlockFi officials (photo source: @Plumferno)
Data reviewed by The Block shows that since March 17th, nearly $4.5 million worth of Ether (ETH) has flowed into the wallet, with new transactions continuously appearing. Additionally, the wallet appears to have also sold several high-value NFTs, including Mutant Apes and Otherdeeds.
Plumferno also advises users to remain highly vigilant against any emails claiming to be from BlockFi, requesting you to click on any buttons or claim any assets, suggesting the use of wallet protection extensions, checking the sender and subject of emails, and verifying any website links before accessing them.
