Claimants in Celsius crypto bankruptcy targeted in phishing attack



Scammers are impersonating the bankruptcy claim agent for crypto lender Celsius in phishing attacks that attempt to steal funds from cryptocurrency wallets.


In July 2022, crypto lender Celsius filed for bankruptcy and froze withdrawals from user accounts. Customers have since filed claims against the company, hoping to recover a portion of the funds.


Over the past few days, people have reported receiving phishing emails pretending to be from Stretto, the Claims Agent for the Celsius bankruptcy proceeding.


A recipient shared the phishing email with BleepingComputer. The email claims to offer creditors a 7-day exit window to claim their frozen funds.


The email says it is from "Stretto Corporate Restructing," using the email address [email protected], as shown below.



Celsius phishing email (Source: BleepingComputer)

The phishing email includes a link to the website case-stretto[.]com, which redirects the recipient to the phishing site claims-stretto[.]com below. The claims-stretto[.]com domain was registered today and is hosted at a web hosting provider in the Seychelles.


The legitimate Stretto site for Celsius claims is located at https://cases.stretto.com/celsius/claims/.
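A defensive check for the distinction drawn above, as an added example that is not from the original article: it classifies a link by whether its hostname is stretto.com or a true subdomain of it, rather than merely containing the brand name. The function names and every sample link other than the three domains quoted in the article are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Legitimate registrable domain, taken from the real claims URL in the article.
LEGIT_DOMAIN = "stretto.com"
BRAND = "stretto"

def refang(text: str) -> str:
    """Undo common defanging ([.] and hxxp) so the URL can be parsed."""
    text = text.replace("[.]", ".").replace("(.)", ".")
    return re.sub(r"^hxxp", "http", text, flags=re.IGNORECASE)

def hostname_of(link: str) -> str:
    """Return the lowercase hostname, ignoring userinfo, port and trailing dot."""
    link = refang(link.strip())
    if "://" not in link:
        link = "http://" + link  # bare domains such as case-stretto[.]com
    try:
        host = urlsplit(link).hostname or ""
    except ValueError:  # malformed netloc, e.g. unbalanced brackets
        return ""
    return host.rstrip(".").lower()

def classify_link(link: str) -> str:
    """Return 'legitimate', 'lookalike', 'unrelated' or 'unparseable'."""
    host = hostname_of(link)
    if not host:
        return "unparseable"
    # Match on a label boundary: the exact domain or a real subdomain of it.
    if host == LEGIT_DOMAIN or host.endswith("." + LEGIT_DOMAIN):
        return "legitimate"
    # Brand name present, but the host is not under the real domain.
    if BRAND in host:
        return "lookalike"
    return "unrelated"

# Constructed sample links; only the first three hosts appear in the article.
SAMPLE_LINKS = [
    "https://cases.stretto.com/celsius/claims/",
    "case-stretto[.]com",
    "hxxps://CLAIMS-STRETTO[.]com/",
    "https://cases.stretto.com@claims-stretto.com/",   # userinfo trick
    "https://cases.stretto.com.example.net/celsius",   # brand as subdomain
]

if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        print(f"{classify_link(link):<12} {link}")
```

The brand-substring match is a triage heuristic: it does not catch homoglyph or misspelled variants, and it will also flag unrelated domains that happen to contain the brand name.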



Phishing site impersonating Celsius claims site (Source: BleepingComputer)

The page prompts visitors to enter their email address to withdraw their claim, and when the submit button is pressed, it opens a WalletConnect prompt to connect your installed cryptocurrency wallet with the website.



Prompt to connect crypto wallet (Source: BleepingComputer)

If you connect a wallet, the site will now have access to all the information stored within it, including crypto addresses, balances, activity, and the ability to suggest transactions.



MetaMask connection (Source: BleepingComputer)

With this connection in pl ..
