Phishing attack impacts Celsius bankruptcy claimants

BleepingComputer reports that individuals who have filed claims against bankrupt cryptocurrency lender Celsius have been subjected to phishing attacks involving the impersonation of the lender's claims agent, Stretto. Attackers claiming to be from "Stretto Corporate Restructuring" have been sending phishing emails purporting to offer a seven-day exit window for frozen fund claiming among creditors, which includes a link redirecting to a phishing site that sought targets' email addresses. Clicking on the submit button establishes a connection with targets' cryptocurrency wallets, enabling threat actors to have complete access to wallet information, which could then be used to facilitate cryptocurrency asset theft. Further examination of the phishing campaign revealed that the malicious emails were able to evade Sender Policy Framework checks as attackers used the IP address of email marketing company SendGrid to deliver the messages. While no confirmation of SendGrid account compromise has been given by Stretto, Celsius claimants have been urged to ignore emails concerning the lender's claims.