Celsius users targeted by phishing as restructuring nears
Bad actors have flooded X, impersonating the bankruptcy claim agent for Celsius to scam claimants.
Celsius users are targeted by a potential phishing email attack as the final court approval of its restructuring plan is anticipated on Oct. 2.
Several users reported on X they had received phishing emails pretending to be from Stretto, the Claims Agent for the Celsius bankruptcy proceeding.
One of the phishing emails shared with BleepingComputer was offering a creditor a 7-day exit window to claim their crypto frozen on Celsius. According to the details, the letter was sent using the address no-reply@stretto[.]com and passed Sender Policy Framework (SPF) checks.
The report also says the email includes a link that routes victims to the phishing website claims-stretto[.]com, registered on Sept. 19, 2023.
The fake copy of the Stretto official website lures users to enter their email address and connect to WalletConnect to get access to the victim’s crypto wallet. Once the victim connects their wallet with the phishing website, scammers can see private data such as crypto addresses, balances, and activity. They even send requests to make transactions from the victim’s wallet.
The scale of this particular phishing scheme remains unclear as a recipient of one of these emails told the media they did not have an account at Celsius.
Celsius plans to seek final court approval of its restructuring plan on Oct. 2, 2023. The firm would return some crypto deposits to retail customers as part of its plan. The remaining business assets would go to the Fahrenheit Group, a group of investors led by TechCrunch founder Michael Arrington.
Celsius claimed it had 1.7 million users at its peak and managed assets worth $11.7 billion in crypto. On June 13, 2022, the platform decided to freeze all customers’ funds, citing “extreme market conditions.” The unexpected move sent Bitcoin (BTC) price and other cryptos into a tailspin, causing a ripple effect in the market.