It appears hackers were able to seize control of the email address of cryptocurrency exchange desk Uphold – and blast its users with a link to a Bitcoin giveaway scam.
Scammers sent links to a phishing campaign, designed to dupe naive investors out of their coins. To fool users, the attackers disguised the fake giveaway as a special Black Friday deal.
The malicious email was sent out on November 21 at around 19:50 UTC. Four hours later, Uphold sent out another email to alert users of the phishing attempt and warn them against participating in the sham “giveaway.”
“THIS IS A PHISHING ATTEMPT,” the company wrote in all caps. “Do not send funds to the address given. Do not click on the link.”
It remains unclear how widely the email circulated or how many people fell for it. At the time of writing though, the address associated with the malicious campaign has received only two payments, for a total off a little over $2,200 worth of Bitcoin.
“We are investigating the incident,” the exchange desk wrote. “The Uphold platform and member funds remain completely secure and unaffected.”
The company has since tweeted the email “was not sent” by its team, but it did come from an official Uphold address, according to emails reviewed by Hard Fork.
Cheap Bitcoin for Black Friday
The malicious email promised users a 15-percent return on any sums between 0.1 and 50 BTC (or roughly between $450 and $222,000).
“The surprise is out! For the upcoming days until Black Friday, we are launching our Bitcoin Bucket Discount!,” the email read. “Get 15 [percent] back on your Bitcoin holdings with Uphold.”
“Mike sends 1 BTC to the Bucket Wallet and receives 1.15 BTC back on Black Friday,” the malicious campaign continued. “Thank you for supporting Uphold since day one!”
Hard Fork has since obtained a copy of the phishing email:
Giveaway scams
While giveaway scams are not uncommon in the blockchain space, hackers primarily targeted victims on Twitter so far. Now it seems the giveaway scheme has extended to email campaigns.
For what it’s worth, this isn’t the first time hackers have used email to target victims. Earlier this year, attackers lifted over $1 million after sending out a malicious email campaign to hundreds of BeeToken investors.
In any case, it seems Uphold messed up big time on this one. We have contacted the company for further details, and will update our piece accordingly if we hear back.
And for those of you that didn’t get the memo: If someone is offering you Black Friday discounts on cryptocurrency purchases, it’s probably a scam.
Get the TNW newsletter
Get the most important tech news in your inbox each week.