Hackers were able to seize control of the email address of cryptocurrency exchange Uphold – and blast its users with a link to a Bitcoin (BTC) giveaway scam.
Fraudsters sent links to a phishing campaign, designed to dupe investors out of their coins. To fool users, the attackers disguised the fake giveaway as a special Black Friday deal.
The malicious email read that when sending from 0.1 to 50 BTC to the specified address, the user will receive a bonus of 15% of the investments.
Four hours later, Uphold sent out another email to alert users of the phishing attempt and warn them against participating in the sham “giveaway.”
“This is a phishing attempt,” – the company wrote in all caps. – “Do not send funds to the address given. Do not click on the link.”
It remains unclear how widely the email circulated or how many people fell for it.
“Uphold HAS NOT BEEN HACKED. Uphold’s mail service account may have been compromised. We are investigating”, – wrote Uphold in its Twitter.
Later, the team wrote that scam address from phishing email had been blacklisted and compromised external mail service account had been shut down.
“All systems are normal. This phishing attack has been contained. We thank our members for remaining vigilant and participating in the community. We will be rolling out a series of anti-phishing controls over the coming weeks”, – wrote the exchange team.