- Huawei steps up AI chip race with Ascend 910D, targeting Nvidia’s high ground
- Innovative OT Security Solutions by Cisco at RSAC 2025
- La gran apuesta de Bank of America por la IA, a examen
- 4 ways to scale generative AI experiments into production services
- ISACA Highlights Critical Lack of Quantum Threat Mitigation Strategies
Threat Actors Taking Advantage of FTX Bankruptcy | McAfee Blog

Authored by Oliver Devane
It hasn’t taken malicious actors long to take advantage of the recent bankruptcy filing of FTX, McAfee has discovered several phishing sites targeting FTX users.
One of the sites discovered was registered on the 15th of November and asks users to submit their crypto wallet phrase to receive a refund. After entering this phrase, the creators of the site would gain access to the victim’s crypto wallet and they would likely transfer all the funds out of it.
Upon analyzing the website code used to create the phishing sites, we noticed that they were extremely similar to previous sites targeting WalletConnect customers, so it appears that they likely just modified a previous phishing kit to target FTX users.
The image below shows a code comparison between a website from June 2022, and it shows that the FTX phishing site shares most of its code with it.
McAfee urges anyone who was using FTX to be weary of any unsolicited emails or social media messages they receive and to double-check the authenticity before accessing them. If you are unsure of the signs to look for, please check out the McAfee Scam education portal (https://www.mcafee.com/consumer/en-us/landing-page/retention/scammer-education.html)
McAfee customers are protected against the sites mentioned in this blog
Type | Value | Product | Detected |
URL | ftx-users-refund[.]com | McAfee WebAdvisor | Blocked |
URL | ftx-refund[.]com | McAfee WebAdvisor | Blocked |