Fake Emails Flood Creditors as FTX Payouts Continue
The official FTX account on X (formerly Twitter) has issued a critical warning to creditors and the public about a new wave of phishing scams targeting those awaiting payments from the exchange’s bankruptcy distributions.
According to FTX, scammers have launched sophisticated phishing campaigns by impersonating Kroll Restructuring Administration and the FTX Recovery Trust—two entities managing the exchange’s ongoing creditor repayments. These fraudulent messages are designed to steal user credentials and redirect funds from unsuspecting claimants.
Please remain aware of phishing emails that look like they are from Kroll or the FTX Recovery Trust and links to scam sites that may appear to look like the FTX Customer Portal (https://t.co/DkYi2hDLbI), such as the examples shown below. Reminder: We will never ask you to connect… pic.twitter.com/vHaXYLzzo8
— FTX (@FTX_Official) October 3, 2025
Please remain aware of phishing emails that look like they are from Kroll or the FTX Recovery Trust and links to scam sites that may appear to look like the FTX Customer Portal (https://t.co/DkYi2hDLbI), such as the examples shown below. Reminder: We will never ask you to connect… pic.twitter.com/vHaXYLzzo8
— FTX (@FTX_Official) October 3, 2025
The alert follows FTX’s recent third round of distributions, worth $1.6 billion, announced in late September under its Chapter 11 bankruptcy plan.
Scammers Impersonate Kroll and “Digital Disbursements”
The fraudulent emails reportedly claim to offer creditors between 118% and 142% recoveries on petition-date claim values — an enticing promise that has already duped several users.
Attackers send messages that appear to come from “Kroll Settlement Advisory” or “Digital Disbursements”, directing recipients to fake domains like clientid-ftxclaims.com that mimic FTX’s legitimate Customer Claims Portal.
FTX emphasized that it will never request users to “connect” emails or wallets to receive payments. The firm added that these emails are part of a wider phishing network attempting to exploit creditors as FTX enters its final repayment phases.
Users Told to Stick to Official Portals
FTX’s official communication channels and the Kroll claims portal remain the only valid sources for payout information. The exchange urged users to:
- Avoid clicking on unsolicited links or attachments.
- Double-check sender domains.
- Report suspicious messages directly to FTX’s support team.
The company’s security team also noted that these attacks typically escalate during active distribution phases, when claimants are most likely to expect communication.
$1.6 Billion Distributed — But Scammers See Opportunity
On September 30, 2025, FTX distributed $1.6 billion to creditors as part of its third payout tranche. Eligible recipients included U.S. claimants, convenience claimants, dotcom customers, and unsecured lenders, with payments arriving via BitGo, Payoneer, or Kraken within 1–3 business days.
The FTX Recovery Trust has now completed three successful distribution rounds, pushing total repayments close to 95% of claims, one of the highest recovery rates in bankruptcy history.
However, as legitimate transactions flow, phishing scams have increased — a trend experts say is “predictable but dangerous.” Cybersecurity firm BlockSec noted that crypto recovery schemes attract some of the most persistent phishing groups, especially when victim data has already circulated online from prior leaks.
Up to $16.5 Billion Still to Be Returned
According to FTX’s court-approved reorganization plan, the exchange is on track to return up to $16.5 billion to creditors. Future distributions will continue over the next year, requiring identity verification, tax documentation, and account onboarding through official platforms.
Despite the warning, FTX reaffirmed that no new breach or data leak has occurred and that all current systems remain secure.