Customers of defunct crypto lender Celsius are reportedly being targeted by scammers impersonating the firm’s bankruptcy claim agent Stretto.
As reported by Bleeping Computer, Celsius filed for bankruptcy last year, stopping withdrawals from user accounts. Desperate customers have subsequently filed claims against the company in attempts to claw back at least some of their funds.
Now, they’re receiving phishing emails claiming to be from ‘Stretto Corporate Restructing’ that include a link to Seychelles-hosted phishing site claims-stretto[.]com.
Once a victim connects their wallet, the site will attempt to drain all assets and NFTs stored in it by disguising the transaction as a deposit.
According to Bleeping Computer, the attackers are likely using older contact lists previously stolen through hacked cryptocurrency marketing accounts. This is evidenced by the fact that a number of people have reported receiving the emails despite having never had any dealings with Celsius or filed as a creditor.
What makes this attack particularly dangerous is the fact that the emails pass Sender Policy Framework (SPF) checks, which determine if an email comes from a valid email server for the sending domain.
Celsius creditors who receive one of these emails are advised to ignore it and instead check for updates on the case at https://cases.stretto.com/celsius/. The legitimate site for Celsius claims is located at https://cases.stretto.com/celsius/claims/.