As I noted last month, the crypto lending firm BlockFi has started to send back to its customers some of their funds which had been frozen for over a year, since the demise of Sam Bankman-Fried’s FTX exchange led to BlockFi likewise vanishing into the mists of Chapter 11. As BlockFi emerges from bankruptcy, it is reimbursing customers in two tiers. Those who had crypto sitting in their “wallet” on the platform (not lent out and not earning interest) got back 100%. In my case, nearly all my assets on BlockFi were on the lending platform, earning juicy interest. For that class of assets, only a partial recovery is expected. Also, BlockFi will return the coin itself (e.g. Bitcoin or USDC) that you owned, not its liquidated dollar value.
Therefore, you must establish an outside crypto wallet and give them the external wallet address, so they can transfer the coin over a blockchain. This prospect of a connection between BlockFi (or its bankruptcy agent, Kroll) and your crypto wallet has brought out the scammers in force: if they can trick you into connecting your wallet to their site and signing the transactions or token approvals it asks for, they can drain it in seconds.
The first thing I noticed back in early March was the proliferation of web sites that looked legit, but weren’t. When I browsed for “BlockFi withdrawal” or “BlockFi recovery,” up came a number of sites that had “BlockFi” or “Kroll” somewhere in their names, as clickbait. I don’t see any of these sites now, a month later. I assume that either those sites have been taken down as the thieves move on to the next heist, or the search engines have blotted them out.
Phishing emails have also been sent out. Most insidious was an expertly-crafted email that I and other BlockFi customers received. Here is a screen shot of the now-infamous message:
As folks have pointed out, this looks pretty good. It has the official company logo and no misspellings. The return address on the email was BlockFi Holdings at www.everbridge.com. The “BlockFi Holdings” part is the display name, which the sender sets to whatever they like; the only part a mail system verifies is the domain after the @, and www.everbridge.com is not a BlockFi domain. Unless you were vigilant, this address did not immediately raise suspicions like a random Gmail address or .ru address might.
Plus, this email was targeted to BlockFi customers, and came right when we were expecting further emails to tell us what steps to take to recover our funds. How did the thieves have our email addresses? One speculation centers around the January breaches, either the “Mother of All Breaches” (MOAB) data dump or the hack of the MailerLite email service. But we know that Kroll’s systems were breached last year, in which the exposed data included BlockFi customers’ names, email addresses, and amounts held at BlockFi, so that seems a more direct source.
Anyway, lots of BlockFi customers clicked on the link in this email. The thieves were pretty clever. First, they had you scrawl your signature on the screen. So now they have that archived, in order to do further ID theft mischief. And then, they had you connect your wallet to their app as if it were a trusted dApp, and sign what it asked for; connecting by itself moves nothing, it is the signed approvals and transfers that let the site empty the wallet. Over on Reddit (here and here), you can read the howls of pain from folks who got their wallets cleaned out. They are not alone; as of late March, this scam had netted something like $5 million in digital assets.
An eerie thing about crypto is that the holdings at any address on a public blockchain are visible to anyone, even though the address alone does not tell you who owns it. So crypto sleuth Plumferno was able to display at least one of the BlockFi scammer’s wallets in the process of accumulating stolen assets:
This wallet (0x6C0e83422cD73fFD3A5EC4506638F6A0A8e22b38) currently holds well over $1 million in ETH + various tokens combined, and as you can see, this scam is still very active – new victims are showing up in the transaction list quite regularly. Current holdings on Debank:
I am embarrassed to admit that I got taken in by this email. I tried clicking on the links, but fortunately my wallet was empty and my anti-malware resisted having me connect to the phishing site, so I did not lose any coin. Some takeaways are:
(1) Always be suspicious of emails; especially scrutinize the return address, to make sure it really is from a source you trust. Look at the domain after the @, not the display name, and watch for almost-legit addresses (one letter changed, or the real brand name tucked inside a longer domain).
(2) If at all possible, avoid clicking on links in emails; type the company’s real address yourself or use a bookmark, and follow links from there.
(3) See (1)
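Takeaways (1) and (2) are the kind of check that can be automated before a human ever sees the mail. The script below is an added example, not code from the original post: it parses a From: header, compares the sending domain against a set of domains you actually trust, and flags the three patterns seen in this scam season: a brand name in the display name over an unrelated domain (the Everbridge email), the brand name embedded in a lookalike domain (the “BlockFi” and “Kroll” clickbait sites), and one-letter typosquats. The trusted-domain list, the sample headers and the edit-distance threshold are all assumptions chosen for illustration.

```python
"""Triage an email From: header against the domains you actually trust.

Added example; not code from the original post. The trusted-domain set,
the sample headers below and the Levenshtein threshold are assumptions.
"""
from __future__ import annotations

from email.utils import parseaddr


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance; used to catch typosquats such as blockfl.com."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable_domain(host: str) -> str:
    """Last two labels of the host (www.everbridge.com -> everbridge.com).

    Simplification: multi-label public suffixes such as co.uk are not
    handled; a production check would consult the public suffix list.
    """
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def assess_sender(from_header: str, trusted: set[str], reply_to: str | None = None) -> dict:
    """Return the parsed address, its registrable domain, whether that domain
    is trusted, and a list of findings describing why it looks like phishing."""
    display, addr = parseaddr(from_header)
    host = addr.rsplit("@", 1)[-1] if "@" in addr else ""
    domain = registrable_domain(host) if host else ""
    findings: list[str] = []
    if not host:
        findings.append("unparseable_address")
    trusted_ok = domain in trusted

    if host and not trusted_ok:
        for t in sorted(trusted):
            brand = t.split(".")[0]              # "blockfi" from "blockfi.com"
            # Brand in the display name but mail comes from somewhere else:
            # the exact shape of the "BlockFi Holdings @ everbridge" email.
            if brand in display.lower():
                findings.append(f"display_name_impersonation:{brand}")
            # Brand embedded in a longer, unrelated domain (kroll-blockfi.com).
            if brand in domain:
                findings.append(f"brand_in_lookalike_domain:{domain}")
            # One or two characters off the real domain (blockfl.com).
            elif 0 < levenshtein(domain, t) <= 2:
                findings.append(f"typosquat:{domain}~{t}")

    # A Reply-To pointing at a different domain is suspicious even when
    # the From: domain itself is trusted (or spoofed to look trusted).
    if reply_to:
        _, rt_addr = parseaddr(reply_to)
        rt_host = rt_addr.rsplit("@", 1)[-1] if "@" in rt_addr else ""
        if rt_host and registrable_domain(rt_host) != domain:
            findings.append(f"reply_to_mismatch:{registrable_domain(rt_host)}")

    return {"address": addr, "domain": domain, "trusted": trusted_ok, "findings": findings}


if __name__ == "__main__":
    TRUSTED = {"blockfi.com"}  # assumption: the one domain you expect mail from
    # Constructed sample headers, modelled on the patterns described above.
    samples = [
        "BlockFi Holdings <noreply@www.everbridge.com>",
        "BlockFi <support@blockfi.com>",
        "BlockFi Support <help@blockfl.com>",
        "Kroll <claims@kroll-blockfi.com>",
    ]
    for hdr in samples:
        r = assess_sender(hdr, TRUSTED)
        verdict = "OK      " if r["trusted"] and not r["findings"] else "SUSPECT "
        print(verdict, hdr, r["findings"])
```

The point of the `registrable_domain` step is that a sender can put anything to the left of the registrable domain (`www.`, `secure-login.`, `blockfi.`), so the comparison has to be made on the part they had to register, not on the whole host string.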