Threat Actors Taking Advantage of FTX Bankruptcy 

Tips & Advice

Authored by Oliver Devane 

It hasn’t taken malicious actors long to take advantage of the recent bankruptcy filing of FTX,  McAfee has discovered several phishing sites targeting FTX users.  

One of the sites discovered was registered on the 15th of November and asks users to submit their crypto wallet phrase to receive a refund. After entering this phrase, the creators of the site would gain access to the victim’s crypto wallet and they would likely transfer all the funds out of it. 

Upon analyzing the website code used to create the phishing sites, we noticed that they were extremely similar to previous sites targeting WalletConnect customers, so it appears that they likely just modified a previous phishing kit to target FTX users.  

The image below shows a code comparison between a website from June 2022, and it shows that the FTX phishing site shares most of its code with it.  

McAfee urges anyone who was using FTX to be weary of any unsolicited emails or social media messages they receive and to double-check the authenticity before accessing them. If you are unsure of the signs to look for, please check out the McAfee Scam education portal (https://www.mcafee.com/consumer/en-us/landing-page/retention/scammer-education.html) 

McAfee customers are protected against the sites mentioned in this blog 

Type  Value  Product  Detected 
URL  ftx-users-refund[.]com  McAfee WebAdvisor  Blocked 
URL  ftx-refund[.]com  McAfee WebAdvisor  Blocked 

Products You May Like

Articles You May Like

LockBit Developer Rostislav Panev Charged for Billions in Global Ransomware Damages
DeceptionAds Delivers 1M+ Daily Impressions via 3,000 Sites, Fake CAPTCHA Pages
Thousands Download Malicious npm Libraries Impersonating Legitimate Tools
US Government Issues Cloud Security Requirements for Federal Agencies
CISA and EPA Warn of Cyber Risks to Water System Interfaces

Leave a Reply

Your email address will not be published. Required fields are marked *