FTX Creditors Targeted by Fake Airdrop Scam

The latest fraud targeting FTX creditors is a meticulously crafted phishing scheme centered on a non-existent token distribution. On September 24, prominent creditor advocate Sunil Kavuri exposed the scam, sharing a screenshot of a deceptive email that informed recipients they were eligible for an ‘ASTER’ token airdrop. The message directed them to connect their crypto wallets to a website masquerading as an official claims portal. ASTER is the legitimate native token of a decentralized exchange platform connected to Binance founder Changpeng Zhao, which is currently distributing 8.8% of its token allocation to community members. This use of a real project’s name adds a layer of credibility to the scam, making it more convincing to potential victims.

Kavuri was quick to clarify that the claims website is entirely fraudulent, created with the sole intention of draining the digital assets of anyone who interacts with it. He urgently warned creditors to exercise extreme caution, advising them to verify any announcements exclusively through trusted official channels on Telegram and X (formerly Twitter). ‘Projects that give airdrops to FTX creditors will only do so through trustworthy sources/posts,’ Kavuri stated, emphasizing the need for rigorous verification. This incident highlights the persistent vulnerability of the creditor community, whose personal data was compromised in the Kroll breach, making them prime targets for such socially engineered attacks.

This fraudulent airdrop scheme is not an isolated incident but part of a distressing pattern of cybercrime that has plagued FTX creditors since the exchange’s implosion. Notably, these phishing campaigns tend to intensify during critical moments, such as when the bankrupt estate is on the verge of making creditor repayments. This timing suggests that fraudsters are strategically exploiting periods of heightened creditor anticipation and activity, using stolen data to craft highly targeted and believable scams.

The repeated security failures have pushed creditors to pursue legal recourse. Last month, a group of FTX creditors filed a lawsuit against the bankruptcy claims agent, Kroll. The lawsuit argues that Kroll’s mishandling of sensitive creditor information directly left them vulnerable to cybercrime, causing further financial damage on top of the massive losses already suffered from the exchange’s collapse. This legal action underscores the growing frustration with the ancillary risks creditors face long after the initial failure, turning the process of recouping losses into an ongoing battle against fraud.

While creditors fend off digital attackers, the digital ghost of FTX’s founder has re-emerged. On the same day the airdrop scam was exposed, the X account of Sam Bankman-Fried (SBF) was reactivated after a long silence. The account posted a simple ‘gm’ (good morning), immediately sparking widespread speculation about whether the disgraced founder was communicating from behind bars. The chatter was quickly subdued by a follow-up post clarifying that a friend now controls the account and is posting on Bankman-Fried’s behalf.

The account’s bio now lists a mailing address for the prisoner’s correspondence, suggesting that the friend may use the platform to share replies to letters sent to SBF. Intriguingly, the address is tagged with the word ‘monitored,’ a clear indication that all incoming and outgoing correspondence will be read by prison authorities before reaching Bankman-Fried. This could serve as a warning to anyone attempting to send potentially incriminating material. Bankman-Fried, who pleaded not guilty but was convicted for orchestrating one of the largest financial frauds in cryptocurrency history, is currently serving a 25-year sentence in a federal prison while actively appealing his conviction and sentence.