Phishing emails from Blockfi

Two weeks ago I opened an account with Blockfi. I began receiving suspicious emails immediately after opening the account. The sending address in the suspect emails does not match the legitimate support address for Blockfi, and when hovering over the links the addresses are long strings of characters. Legitimate emails from Blockfi contain the correct address which is much shorter. I copied one of these suspicious link addresses and pasted it into a search, and the results were quite bizarre and none of them were related to Blockfi. Two weeks after opening my account I made a change and then received an email from the suspect address acknowledging the change. This appears to be an ongoing security breach where the attackers have regular access, as opposed to personal info being stolen in a one-time attack.

I saw a recent post from a Discord user who received an email saying their account was not secure because they had not enabled MFA. They knew it was a scam because they already had MFA enabled.

I filled out a ticket to report the issue, because they do not appear to be aware. After the previous security breach last year they issued a public statement four days after the attack was found, but I have not been able to find any news on the current situation.

I was just starting to come out of my DCA and HODL safe space to pursue earning interest and was immediately faced with a “learning experience.” Gemini keeps most of their funds in cold storage so they’re probably safe, but personal information is vulnerable.

Be careful out there.

Just keep an eye on those emails, and maybe consider enabling all the security features available.

I had a similar situation when I signed up for a new service last year. Almost immediately, I started getting weird emails that didn’t look right. The sender’s address was all off, and the links were long and strange. I even clicked on one (not the smartest move, I know!) and it led to a totally unrelated site.After that, I made sure to double-check everything. I found this link that helps you check if your email might have been compromised. It gave me a bit of peace of mind knowing I could keep an eye on my accounts. Reporting those phishing attempts is definitely the right move; it’s so important for everyone’s security.