The emails arrived on Monday, promising refunds. They came from valid “.gov” email addresses, with headers from a cryptocurrency exchange.
But the emails weren’t legitimate, and they weren’t April Fool’s Day pranks. They were phishing scams, according to the Maryland Office of the Comptroller, designed to look like users could follow instructions to get a money from Bittrex, a now-defunct digital currency.
“The email was sent from compromised accounts to several listservs hosted on a third-party server,” the comptroller’s office said in a statement Friday. No other systems were affected, and no taxpayer personal information was compromised, the statement said.
Though the number of people who received the apparent phishing email is unknown, fewer than 30 people had told the Office of the Comptroller that they clicked any of the links in the email as of Thursday afternoon, and none said they experienced any further hack or data theft.
Bittrex shut down in August 2023 after settling charges that it operated as an unregistered national securities exchange, broker and clearing agency. The platform declared bankruptcy before the settlement.
A website for users who have funds to claim from the platform warns of phishing scams and a fake website with inflated account balances to lure people into entering their personal information.
Read More
The comptroller’s office notified those who received the phishing emails and instructed them to delete the emails. Officials there also disabled the affected email accounts so they could not be used to send any more malicious emails.
The comptroller’s office said anyone who provided financial information after following a link in the Monday email should contact their banking service.