Threat Actors Taking Advantage of FTX Bankruptcy 

Tips & Advice

Authored by Oliver Devane 

It hasn’t taken malicious actors long to take advantage of the recent bankruptcy filing of FTX,  McAfee has discovered several phishing sites targeting FTX users.  

One of the sites discovered was registered on the 15th of November and asks users to submit their crypto wallet phrase to receive a refund. After entering this phrase, the creators of the site would gain access to the victim’s crypto wallet and they would likely transfer all the funds out of it. 

Upon analyzing the website code used to create the phishing sites, we noticed that they were extremely similar to previous sites targeting WalletConnect customers, so it appears that they likely just modified a previous phishing kit to target FTX users.  

The image below shows a code comparison between a website from June 2022, and it shows that the FTX phishing site shares most of its code with it.  

McAfee urges anyone who was using FTX to be weary of any unsolicited emails or social media messages they receive and to double-check the authenticity before accessing them. If you are unsure of the signs to look for, please check out the McAfee Scam education portal (https://www.mcafee.com/consumer/en-us/landing-page/retention/scammer-education.html) 

McAfee customers are protected against the sites mentioned in this blog 

Type  Value  Product  Detected 
URL  ftx-users-refund[.]com  McAfee WebAdvisor  Blocked 
URL  ftx-refund[.]com  McAfee WebAdvisor  Blocked 

Products You May Like

Articles You May Like

North Korea Hackers Using New “Dolphin” Backdoor to Spy on South Korean Targets
‘Black Proxies’ Enable Threat Actors to Conduct Malicious Activity
McAfee Personal Data Cleanup: Your Partner in Living a More Private Online Life
Oracle Fusion Middleware Vulnerability Actively Exploited in the Wild: CISA
Researchers Detail AppSync Cross-Tenant Vulnerability in Amazon Web Services

Leave a Reply

Your email address will not be published. Required fields are marked *