Email phishing scam targeting BlockFi, FTX creditors reels in millions and counting

Quick Take

  • A sophisticated email phishing scam that appears to target creditors of bankrupt crypto companies such as BlockFi and FTX has reeled in at least $5 million worth of cryptocurrency and NFTs over the past week and shows no signs of stopping.
  • A security expert has linked the scam to the Pink Drainer kit, a popular tool for operating such scams, and an email database breach. 

An Ethereum wallet with an ENS name too crude to publish has amassed millions of dollars over the past week in cryptocurrency and NFTs in what appears to be a sophisticated scam operation. 

Security expert Plumferno first flagged the operation in a thread on X, saying that with the help of a few friends she was able to uncover the source of the wallet's stolen crypto: a series of phishing emails purportedly sent from crypto firms BlockFi and FTX, and possibly others, to creditors of the now-bankrupt companies.

It's possible that the hacker obtained the list of email addresses from data originally stolen from email service Mailer Lite, which was hacked in January, leading to a separate phishing scam that reeled in big bucks, Plumferno said. 

This email, purportedly from BlockFi, is actually a sophisticated phishing attempt.

"The worst part of this scam is that most of the assets have been stolen from dormant wallets - people who were likely affected by the BlockFi bankruptcy and haven't touched the funds since," Plumferno wrote in her thread. "It may also be likely that some of these victims are still unaware they've been robbed."

Blockchain data reviewed by The Block shows inflows of nearly $4.5 million in ether into the wallet since March 17, with more transactions arriving by the second. In addition, the wallet appears to have stolen and sold several high-value NFTs including Mutant Apes, Otherdeeds, and more. 

Crypto phishing is an increasingly common attack vector for cybercriminals, with $300 million stolen in such attacks last year alone. Even experienced figures in the crypto industry occasionally fall victim to such scams, underscoring the need for care when interacting with new protocols.


© 2024 The Block. All Rights Reserved.

About Author

Zack Abrams is a writer and editor based in Brooklyn, New York. Before coming to The Block, he was the Head Writer at Coinage, a Web3 media outlet covering the biggest stories in Web3. The story he co-reported on Do Kwon won a 2022 Best in Business Journalism award from SABEW. Other projects included a deep dive into SBF's defense based on exclusive documents and unveiling the identity of the hacker behind one of 2023's biggest crypto hacks — so far. He can be reached via X @zackdabrams or email.