BlockFi Settlement Is Now Being Paid Out Email Scam Explained

Photo of author

Written by: Thomas Orsolya

Published on:

If you’ve recently received an email with a subject line along the lines of “The legal settlement is now being paid out as of Oct 21th, 2025. Eligible recipients can view payment details and track the status of their settlement by logging into the dashboard.” purporting to be from BlockFi Inc. (via Kroll Restructuring Administration LLC) — pay very close attention. This message may appear legitimate — it references known firms, shows a believable amount of crypto (for example “0.3925 BTC / 0.7298 ETH”) and uses official-looking logos — but in fact it appears to be a carefully orchestrated phishing scam. The fraudulent email is designed to exploit the real worries of people who lost funds in BlockFi’s collapse.

In this article we’ll walk you through how the scam works, how to spot it, what to do if you’ve been ensnared, and how to protect yourself going forward.

23 1

Scam Overview

The phenomenon at hand is part of a broader and increasingly sophisticated phishing campaign targeting creditors of bankrupt crypto firms, including BlockFi. Here’s a deep dive into the details.

Context: BlockFi’s Bankruptcy and Claims Process

BlockFi filed for Chapter 11 bankruptcy in late 2022 after the crypto downturn and contagion triggered by entities like FTX Trading Ltd.. As part of the restructuring, customers who had deposits or crypto holdings were told they might receive distributions or assets back (in diminished form) through Kroll as the claims agent. These events created legitimate communications opportunities — but also ripe conditions for malicious actors.

The Scam in Brief

Scammers have been sending fake emails to target people who either had BlockFi accounts, or are on lists of potential claimants. These emails often:

  • Mimic the BlockFi/Kroll branding.
  • Claim “you are eligible for a settlement/distribution” of crypto (BTC, ETH, etc.).
  • Provide an urgent “To-do” link to log in or track your payment status.
  • Lead to phishing sites or ask you to connect your wallet, reveal seed phrases, or provide private credentials.
  • Result in funds being drained from your wallet or personal identity data being compromised.

Scale and Sophistication

These phishing attacks are not trivial. According to security reporting:

  • One campaign targeted BlockFi & FTX creditors, netting at least $7 million in crypto/NFTs within a matter of days.
  • The attacker used infrastructure such as the “Pink Drainer” kit, email list data from breaches (e.g., the Mailer Lite breach), and exploited dormant crypto wallets of claimants not closely monitoring activity.
  • Phishing emails often lacked overt red-flags like misspelling; they looked high quality and used realistic branding, making detection harder.

What’s Being Offered — and What’s Really Happening

Victims receive an email that claims:

“The legal settlement is now being paid out as of Oct 21th, 2025. Eligible recipients can view payment details and track the status of their settlement by logging into the dashboard. Amount available: 0.3925 BTC / 0.7298 ETH.”

This is deliberately crafted to look urgent and real. It plays on expectations many BlockFi claimants have of receiving some payout or update. But instead of being legitimate, the email:

  • Directs you to click a link on a non-official site.
  • May ask you to connect your crypto wallet and sign a transaction (which gives permission to drain it).
  • May ask for login credentials, KYC details, or seed phrases.
  • Once access is granted, the scammer makes off with your crypto, your identity, or your wallet connected assets.

Why It’s Effective

Several factors increase the effectiveness of this scam:

  • Emotional pressure: Many users are anxious about whether they’ll receive anything from BlockFi’s liquidation/restructuring. That creates urgency and lowers skepticism.
  • Dormant wallets: The scam targets wallets that haven’t been touched in a long time. Victims may not monitor them closely.
  • Authentic-looking sender: The use of “public.govdelivery.com” domains or otherwise plausible email addresses tricks people into trusting the message (more on that domain later).
  • Credentials/data breach: Email lists of old BlockFi clients or Kroll claimants were exposed in earlier breaches, giving scammers a ready audience.
  • Blockchain transfer: Crypto transfers can be irreversible, so once access is granted the funds are likely gone.

Specific Red Flags in This Variant

In your described email:

  • The email address “LittleElm@public.govdelivery.com” is legitimate in the sense that GovDelivery is a platform used by municipal governments to send updates. But in this context the scammers are spoofing or mis-using it.
  • The visual includes “BlockFi via Kroll” branding, matching what claimants expect — creating a veneer of legitimacy.
  • It claims a precise amount (0.3925 BTC / 0.7298 ETH) which may lure the recipient with specificity.
  • The call to action is to log in to the dashboard — a typical hook for phishing.
  • The domain is not an obvious “@blockfi.com” or “@kroll.com” address, and clicking the link likely takes you to a third-party phishing website.
  • The email is unsolicited or unexpected by many recipients.
  • It asks (implicitly) for account credentials or wallet connection.

Legitimate Process Warning

It is worth noting that the real BlockFi distribution process (as per Coinbase Global, Inc. help article) states:

“Beware of scammers who contact you in an effort to help you receive your distribution. Neither Coinbase nor BlockFi will ask you to send funds manually or require you to provide any sort of password or 2FA code.”
Hence any unsolicited link asking for such steps should trigger caution.

How The Scam Works

Below is a detailed step-by-step breakdown of exactly how this scam unfolds — so you can recognise each stage and prevent falling victim. This section is structured to show the timeline, the tactics used, and what happens behind the scenes.

Step 1: Harvesting Targets

  • Scammers acquire raw email lists of former customers or claimants of BlockFi. These could be from data breaches (for example a breach of Mailer Lite or the Kroll claims database).
  • The lists include email addresses and possibly other metadata (e.g., approximate crypto holdings, wallet addresses) of dormant or formerly active accounts.
  • Dormant wallets (accounts that haven’t moved crypto in months or years) are especially targeted because the owners are less likely to immediately notice theft.

Step 2: Crafting a Convincing Email

  • The scammer designs an email that mirrors the branding of BlockFi and Kroll: including BlockFi’s logo, Kroll’s restructuring language, references to “legal settlement”, and plausible-looking amounts.
  • They choose a sender name and email that look official: for example “BlockFi via Kroll” or something like “BlockFi Settlement Admin” from an address like xyz@public.govdelivery.com. While GovDelivery is legitimate as an e-mail service for government notifications, here it is being misused as a “from” domain to lend credibility.
  • The email subject and header create urgency (“Settlement Now Being Paid”, “Eligible recipients can view payment details”, etc.). This urgency is intentional to reduce the recipient’s time to think.
  • The email includes a call to action: click the link, view dashboard, log in, verify your information.
  • The email may quote a specific amount of crypto (e.g., 0.3925 BTC, 0.7298 ETH) that appears plausible to the recipient.

Step 3: Link to Phishing/Wallet-Connection Page

  • When the recipient clicks the link, they are directed to a phishing website. This site may mimic legitimate payment- or wallet-interaction portals. The URL might look like blockfi-settlement.xyz or a subdomain, or even a site labelled as “Digital Disbursements”, “Digital Disbursements.com” or similar. (MalwareTips named this tactic)
  • On the landing page the user is asked to:
    1. Enter their email address or claimant ID.
    2. Possibly verify their wallet address.
    3. Connect their crypto wallet via a “Connect Wallet” button (for example MetaMask, TrustWallet, etc.).
    4. Possibly sign a transaction or give permissions for the wallet (e.g., “Approve this transaction to confirm you own this wallet”).
    5. In worst-case scenarios, the site may ask for the wallet’s seed phrase, private key, or 2FA code, under the guise of verifying identity.
  • Once the wallet is connected and permissions granted, the attacker has essentially given permission to drain the wallet or to move funds.

Step 4: Execution of Theft

  • With the victim’s wallet connected, the scammer can call the approve function of ERC-20 tokens, or initiate unauthorized transfers of crypto assets.
  • Because blockchain transactions are irreversible, once the funds are moved the victim has little recourse.
  • Scammers may then consolidate stolen funds into one wallet, swap into other tokens, or send to mixers to launder. The stolen funds may total in the millions, as seen in reports.
  • Victims may not notice until later — especially if their wallet was dormant.

Step 5: Secondary Exploits

  • Beyond immediate crypto theft, the scammers may store and reuse any collected personal info (such as names, email addresses, claimant IDs, wallet addresses) for further phishing or identity theft.
  • They may sell the data on dark-market forums or use it to send follow-up phishing campaigns.
  • Some of the techniques used include signing documents, collecting identity images, or getting authorisation. For example, some victims reported being asked to “sign” on screen.

Step 6: Distraction and Re-Contact

  • After initial contact, victims may receive further “updates” or “reminder” emails which continue to push urgency or additional “verification steps” — giving scammers even more opportunity.
  • Meanwhile, the legitimate claims process by BlockFi/Kroll continues via official channels (if applicable), making it harder for the victim to differentiate the real from fake.

Variation: Wallet Freeze / Dormant Wallet Targeting

  • A common pattern: the victim receives an email even when they have not recently accessed the wallet for a long time. The scam utilises the fact that the user is expecting or hoping for some payout and may not monitor activity closely.
  • Once funds are stolen, the wallet owner might attribute the loss to “maybe I forgot to withdraw” rather than recognise a scam right away.
  • The scam may be timed to coincide with updates about BlockFi’s actual restructuring or payout announcements — making the communication look more legitimate.

Why the Domain “public.govdelivery.com” Appears

  • GovDelivery is a legitimate email-notification service used by many municipal governments and organisations to disseminate newsletters, alerts, etc.
  • Scammers exploit such domains because they are trusted by many recipients and bypass some spam-filters. They may register a sub-domain or misuse a “from” address that looks like it came via GovDelivery.
  • In this case, while the address LittleElm@public.govdelivery.com may be legitimate as a service, the content of the email is not necessarily authorised by the organisation — and its use is malicious in context. The spoofed use of an organisation’s trusted domain generates credibility, but does not equate to legitimacy.

Why Traditional Spam Filters and Safety Advice May Not Catch It

  • Because the email uses realistic branding, good grammar, no obvious typos, and sender domains that appear legitimate, many of the simple spam flags are bypassed.
  • Many users believe that any communication about BlockFi’s restructuring must be real, given the long-waiting nature of their claims.
  • Users may receive multiple versions of the email, making the latest version even more convincing.
  • The wallet-connection step is more advanced in Web3 context, meaning conventional “don’t click links” guidance might not fully prepare crypto users.

Key Takeaways from this Scam’s Execution

  • It exploits trust: Users know they were claimants of BlockFi and expect legitimate communications.
  • It exploits urgency: The language “Settlement is now being paid out”, “Eligible recipients can view payment details”, “Track your status” pushes quick action.
  • It exploits technical complexity: Crypto wallet interactions are less familiar and more easily manipulated.
  • It exploits idle assets: Dormant wallets are easier to target without immediate detection.
  • It uses high-quality impersonation: Real branding, real amounts, plausible context.
  • It uses address reuse: Introducing wallets, connecting permissions, often irreversible.
  • The outcome: victims lose funds, identity data, or both.

What to Do If You Have Fallen Victim to This Scam

It’s critical that if you suspect or know you’ve been scammed, you act quickly. Below is a detailed numbered list of steps you should take immediately.

  1. Disconnect or Revoke Wallet Access
    • If you connected your crypto wallet (e.g., MetaMask, TrustWallet, Ledger) to a suspicious site, go to that wallet immediately and check token approvals or connected sites.
    • Use tools such as Etherscan’s Token Approval Checker to see which addresses/contracts you have approved from your wallet. Revoke approvals for unfamiliar contracts.
    • If possible move your assets to a new wallet with a fresh seed phrase — but only after revoking access. Do not reuse the same wallet if permissions were granted.
  2. Freeze or Transfer Remaining Funds
    • Transfer out any remaining funds from the compromised wallet to a secure wallet (one which has never been exposed or connected to suspicious sites).
    • If you hold NFTs in the same wallet, consider transferring them as well, as they might be subject to targeted draining.
    • While transferring, pay caution to transaction fees (gas) and ensure your new wallet is properly protected.
  3. Change Credentials and Enable Multi-Factor Authentication (MFA)
    • If you entered or believed you entered account passwords, email addresses, or other personal details in the phishing page, immediately change passwords on those accounts (email, crypto exchange, financial logins).
    • Activate MFA (2FA) everywhere possible — authenticator apps are preferred over SMS where available.
    • If you reused a password elsewhere, change those as well.
  4. Monitor Activity / Assets Closely
    • Keep an eye on blockchain explorers for your wallet addresses to see any further outgoing transactions you didn’t authorise.
    • Monitor your email for suspicious login attempts or communications referencing the scam.
    • Consider setting up alerts for unusual transactions in your crypto holdings, bank accounts, or other connected accounts.
    • If your identity info was disclosed (for example your name, address, claimant ID), consider placing a fraud alert on your credit file (if applicable in your jurisdiction).
  5. Report the Incident
    • Report the phishing email to your email provider (mark as phishing/spam).
    • Report to relevant authorities: In the US, you can file with the Federal Trade Commission (FTC) at reportfraud.ftc.gov and the Internet Crime Complaint Center (IC3).
    • If you are outside the US, report to your national cyber-crime centre or financial/regulatory body.
    • Report to the platform impersonated (BlockFi/Kroll) and any service used (e.g., GovDelivery) so they can investigate misuse of their domains.
    • If you lost cryptocurrency, consider filing a report with your local law enforcement, and provide transaction hashes, victim wallet addresses, phishing URLs, etc.
  6. Preserve Evidence
    • Keep a copy of the phishing email, including header metadata, sender address, timestamp, and link URLs.
    • Save screenshots of any webpages you visited (or still accessible).
    • Note the wallet address to which funds were moved (transaction hashes).
    • This documentation may help law enforcement or exchanges in tracing/flagging stolen funds.
  7. Warn Others / Share Your Experience
    • Inform any contacts who may receive similar emails (especially if you received it through a group or shared list).
    • Post to forums or comment threads (for example Reddit threads about BlockFi scams) to raise awareness. Indeed, users on Reddit have shared their experience receiving similar “blockfi settlement” emails.
    • Using your experience helps reduce the spread of such scams.
  8. Check for Legitimate Communications Separately
    • If you believe you may be eligible for a real payout from BlockFi/Kroll, go to the official website (for example restructuring.ra.kroll.com/blockfi) rather than clicking any email link.
    • Double-check that the communication came from an official domain or source. Legitimate communications typically:
      • Do not require you to send funds or provide seed phrases.
      • Will reference your claimant ID or account in a clear way.
      • Will provide you with verified links (you can access by typing into browser instead of clicking email links).
    • If you’re unsure, you can contact the administrator via official support channels and confirm.
  9. Consider Professional Advice
    • If large sums are involved, you may want to consult a cybersecurity expert or legal counsel specialising in crypto fraud.
    • For identity theft concerns, you might also engage a credit-monitoring service, especially if your personal identity data was exposed.
  10. Learn from the Experience / Strengthen Future Defences
    • Make sure you maintain separate wallets for “cold storage” vs “hot wallet” use (i.e., one for storing assets offline, one for frequently used funds).
    • Limit the number of sites your wallet is connected to; periodically review and revoke token approvals.
    • Be very sceptical of unsolicited emails claiming refunds, settlements, or refunds relating to crypto firms — especially when you did not register or expect them.
    • Enable hardware wallet use where possible, and never expose seed phrases or private keys.
    • Educate yourself about phishing, social-engineering and wallet-hijacking techniques (for example the videos and guides found via general safety resources).

FAQ: “BlockFi Settlement Is Now Being Paid Out” Email Scam

Q1: What is this scam about?
The scam in question involves fraudulent emails sent to individuals who either held accounts with BlockFi or were potential claimants in its bankruptcy process. These emails pose as official notices stating that a “legal settlement is now being paid out” (e.g., “as of Oct 17th, 2025… Amount available: 0.3925 BTC / 0.7298 ETH”) and invite recipients to click a link to view payment details or log in to a “dashboard.” In reality the link directs to a phishing website that aims to steal account credentials, private keys, crypto wallet permissions or other sensitive personal and financial information. The scammers exploit the fact that BlockFi underwent bankruptcy and many users expect some kind of distribution. By impersonating the legitimate process, they trick recipients into handing over control of their wallets or credentials. Security analysts estimate that such campaigns targeting BlockFi (and similarly FTX) claimants have netted millions of dollars in stolen crypto and NFTs.

Q2: How can I tell if an email like this is fake or real?
There are several red flags and verification steps to distinguish a scam from genuine communications:

  • Sender domain: Genuine emails regarding BlockFi distributions have come from trusted domains such as @e.blockfi.com, @ra.kroll.com or @digitaldisbursements.com (for verified distributions). If the email comes from an odd or borderline domain (for example @public.govdelivery.com in this context) it is suspect.
  • Links instead of manual login: If the email directs you to click a link instead of prompting you to go manually to the known official site and log in, that is a red flag. Legitimate notices advise you to visit the official site directly.
  • Requests for wallet private keys or “connect wallet” permissions: If you are asked to connect your wallet as part of “claiming” a payment, sign a transaction, or provide seed/private keys, this is highly suspicious. A legitimate distribution would not require handing over such access.
  • Unexpected amounts or claims you did not initiate: If you receive an email saying you are eligible for a payment when you weren’t expecting one, or it shows a random crypto amount (such as 0.3925 BTC / 0.7298 ETH) that you didn’t expect, treat with caution.
  • Urgency and pressure: Scams often use time pressures (“You must act by this date”, “Eligible recipients can view payment details”) to reduce your ability to verify.
  • Check official channels: Visit the official distribution site (for BlockFi: the Kroll restructuring page) and compare whether the email matches the communication style there. if not, it’s likely fake.
    By cross-checking these elements and proceeding cautiously, you can significantly reduce the risk of falling for a fake email.

Q3: Why are scammers specifically targeting BlockFi claimants?
There are a few key reasons why this group is especially vulnerable:

  • Expectations of payout: Many former BlockFi customers or creditors are still awaiting distributions following the company’s bankruptcy filing in 2022. The existence of a real claims process makes it plausible to receive an email about “settlement” or “payout”, which scammers exploit.
  • Dormant wallets: Many BlockFi users may have wallets that they haven’t accessed in months or years. Scammers target these dormant wallets because victims may not notice unauthorized activity immediately.
  • Data breaches and email lists: It is believed that email lists from data compromises (for example a breach of MailerLite) and the exposure of claimants’ data gave scammers ready access to potential targets.
  • Crypto complexity: The process of connecting wallets, authorising transactions, and handling crypto is less familiar to many people than traditional banking. Scammers exploit this complexity, knowing that victims may not understand exactly what they are authorising.
    Because of these factors, the scam presents itself at a moment when victims are primed (expecting something) and vulnerable (less vigilant).

Q4: If I clicked the link or connected my wallet, what are the risks?
If you have clicked the link, connected your wallet, signed a transaction, or entered credentials, here are the specific risks you face:

  • Loss of crypto assets: By connecting your wallet and granting permission (for example approving a smart contract), scammers can move your funds out, transfer tokens, drain NFTs, etc. Because blockchain transactions are irreversible, once assets leave your wallet you may not recover them.
  • Compromised credentials: If you entered account login details (for an exchange, wallet or email) then that account could be accessed by scammers. They may attempt further phishing, withdraw funds, or impersonate you.
  • Identity theft: Some fake sites may request personally identifiable information (ID numbers, photos of documents, signatures). That information can be used for identity theft or sold on dark markets.
  • Permission hijacking: Even if assets are not immediate drained, if you approve a malicious smart contract you may lose future tokens or be exposed to “rug-pulls” or malicious tokens being authorised in your wallet.
  • Secondary phishing campaigns: Once scammers know you are a “claimant” or exposed target, you may be added to more advanced phishing attempts, fake recovery services, or identity-extortion scams.
    Given these risks, taking immediate remediation steps is vital if you suspect you have interacted with a fraudulent link.

Q5: Are there legitimate communications from BlockFi or Kroll I should trust? How to verify them?
Yes — there are legitimate communications concerning the BlockFi bankruptcy and distributions, but you must verify them properly. Here is how to do that:

  • Go directly to the official webpage: The official restructuring information for BlockFi is posted on Kroll’s site: cases.ra.kroll.com/BlockFi.
  • Known sender domains: Valid emails have been sent from addresses such as @ra.kroll.com, @e.blockfi.com, @digitaldisbursements.com. If the email comes from a different domain (especially one you don’t recognise) it may be phishing.
  • No requests for wallet seed/private keys: Legitimate communications will not ask you to provide your wallet’s seed phrase, or to “connect” your wallet and approve a transaction in order to receive a payout. For instance, the official help article states “Neither Coinbase nor BlockFi will ask you to send funds manually or require you to provide any sort of password or 2FA code.”
  • Check for “Signed-by” in the header: Some email clients show “Signed-by: domain” in the sender info. If the signing domain is not a trusted domain, the email is likely fake.
  • No payment/before you qualify: Legitimate distributions are based on a claims process, not unsolicited surprise large crypto amounts you never knew about.
    If you are ever unsure, type the official URL into your browser yourself rather than clicking a link in the email, and contact Kroll or official BlockFi support to confirm.

Q6: What should I do if I have lost funds or my wallet was compromised?
If you believe you have fallen victim to a phishing email or wallet compromise, you should act immediately. Here’s a detailed action plan:

  • Revoke wallet approvals: Check all dApp and smart-contract approvals for your wallet (for example via Etherscan’s Token Approval Checker) and revoke any you do not recognise.
  • Move remaining assets: Transfer any remaining assets to a new wallet that has never been exposed or connected to suspicious sites. Create it offline or using a hardware wallet if possible.
  • Change passwords & enable MFA: For any accounts (email, exchange, wallet) where you provided credentials, change the password immediately and enable two-factor authentication (preferably using an app, not SMS).
  • Monitor blockchain transactions: Keep track of outgoing transactions from your wallet and look out for unexpected activity. You may also flag stolen wallet addresses to blockchain monitoring services.
  • Report the scam: File a report with your country’s cyber-crime authority (for example the FTC in the U.S.), and send the phishing email and URL to the company being impersonated so they can investigate.
  • Preserve evidence: Retain copies of the email, including full headers, the phishing URL, wallet addresses involved, transaction hashes, date/time stamps — this may help investigations.
  • Consider identity protections: If you entered personal data (ID, documents, signatures), consider placing fraud alerts on your credit or identity file (depending on your jurisdiction) and monitor for misuse.
  • Learn and protect going forward: Treat the incident as a highly important lesson: avoid unsolicited links, separate your hot wallet from cold storage, audit your wallet connections regularly and educate yourself on latest crypto phishing techniques.
    Taking swift action gives you the best chance of limiting damage and protecting your other assets.

Q7: Will I ever get a legitimate payout from BlockFi / Kroll if I’m eligible?
Yes — if you are a legitimate claimant of BlockFi and meet the requirements, a genuine payout or distribution may still be possible through the official bankruptcy process. However:

  • The process is formal and structured, and you will receive notification via official channels (not via random emails claiming you have crypto to pick up).
  • Legitimate communications will not ask you to pay a fee, send crypto, or connect a wallet for “verification” unrelated to the standard claims portal.
  • If you are eligible, you should go to the official site, input your claimant ID, and follow the published steps. You should not rely solely on an email link to initiate the payout.
  • Even if you receive a legitimate notice, that does not guarantee that every email you receive claiming to be a payout is real — scammers will piggy-back on the real process.
    So yes, payouts may happen, but only via verified and secure channels. Always treat unexpected payout-emails with extreme caution.

Q8: What are the most common tactics scammers use in this kind of email?
Scammers behind this BlockFi-style payout email scam employ a range of tactics designed to deceive and exploit:

  • Realistic branding: Use of official logos (BlockFi, Kroll), legitimate-looking amounts of crypto, and references to “legal settlement”, “payout”, “dashboard”, etc.
  • Legitimacy mimicry: Use sender domains that appear legitimate or use third-party services (e.g., @public.govdelivery.com) so spam filters may not flag them.
  • Targeting dormant or waiting wallets: Emails sent to people who had accounts but haven’t accessed them for a while, making them less alert and more likely to act.
  • Urgency: Pressure to act quickly (“You are eligible”, “View immediately”, “Tracking status by logging in”) to reduce second-thought.
  • Wallet connection hook: The email directs you to a web page where you connect your wallet, grant permissions, or sign a transaction — giving the scammer access.
  • Use of data from breaches: Emails may include credible personal details (wallet addresses, previous holdings, amount expected) because scammers use compromised databases.
  • No obvious typos: These emails are high quality, with proper grammar and layout — making them harder to spot.
    Being aware of these tactics will help you spot the scam the next time it appears.

Q9: Can I recover my stolen crypto if I fell victim?
Recovering stolen crypto is extremely difficult. Blockchain transactions are mostly irreversible and anonymous. However, you can take certain steps:

  • Report immediately: Contact crypto exchanges you used, submit transaction hashes, wallet addresses, and request that the stolen funds be flagged or traced.
  • Contact law enforcement: Provide them with all relevant documentation and transaction data. In some jurisdictions, there are agencies specialising in crypto crime.
  • Alert the blockchain community: Submit the scammer’s wallet address to public fraud watch-lists and blockchain monitoring services so future victims may be warned.
  • Chase through legal process (if applicable): If the scammer is identified or linked to a traceable account you might pursue civil action, but it’s often costly and uncertain.
  • Use prevention for the future: Accept that full recovery may be unlikely — focus on protecting remaining assets, improving security, and preventing further loss.
    While there is no guarantee of recovery, acting quickly and documenting everything gives you at least some chance and may help others avoid the same fate.

Q10: How can I protect myself from future scams of this type?
Here are recommended protection measures:

  • Never click unsolicited links: If you get an email about payouts, type the verified URL yourself rather than using the link.
  • Maintain separate wallets: Use a “cold storage” wallet for long-term holdings and a “hot wallet” for active use. Keep sensitive funds offline if possible.
  • Regularly audit wallet approvals: Use tools like Etherscan Token Approval Checker and revoke permissions for dApps/contracts you no longer use.
  • Enable hardware wallet and seed-phrase safety: Do not store your seed phrase online, never share it, and preferably use hardware wallets for significant holdings.
  • Stay informed about phishing techniques: Scams evolve — keep up with latest crypto phishing news and share information with your network.
  • Use strong unique passwords and 2FA: For email, exchange, and wallet accounts, use unique passwords and authentication apps, not SMS where possible.
  • Check sender signing domain: In your email client, verify the “Signed-by” or “DKIM” domain and whether it matches official domains. If not, treat it as suspicious.
  • Avoid reusing the same email for sensitive crypto communications: Consider keeping a dedicated email address for crypto-related correspondence and monitor for unexpected messages.
  • Educate your circle: Share knowledge of these scams with friends or family who hold crypto — scammers often target less experienced users.

By applying these practices consistently, you can reduce your exposure to phishing, wallet drainage, and data compromises.

The Bottom Line

The email claiming “Settlement Is Now Being Paid Out” for BlockFi is almost certainly part of a sophisticated phishing campaign designed to steal crypto, credentials, or both. It leverages real events (BlockFi’s bankruptcy, creditor claims), believable branding, and technical wallet-connection mechanisms to trick victims. The best defence is vigilance: never trust unsolicited emails offering payouts, always verify via official channels, never click suspicious links or give wallet permissions lightly. If you believe you’ve been targeted, act quickly: disconnect your wallet, move assets, change credentials, report the scam and preserve evidence. By being informed and cautious you can significantly reduce your risk of falling victim to this dangerous scheme.

Stay safe, stay alert — and when in doubt, pause before you click.

10 Rules to Avoid Online Scams

Here are 10 practical safety rules to help you avoid malware, online shopping scams, crypto scams, and other online fraud. Each tip includes a quick “if you already got hit” action.

  1. Stop and verify before you click, log in, download, or pay.

    warning sign

    Most scams win by creating urgency. Verify using a trusted method: type the website address yourself, use the official app, or call a known number (not the one in the message).

    If you already clicked: close the page, do not enter passwords, and run a malware scan.

  2. Keep your operating system, browser, and apps updated.

    updates guide

    Updates patch security holes used by malware and malicious ads. Turn on automatic updates where possible.

    If you saw a scary “update now” pop-up: close it and update only through your device settings or the official app store.

  3. Use layered protection: antivirus plus an ad blocker.

    shield guide

    Antivirus helps block malware. An ad blocker reduces scam redirects, phishing pages, and malvertising.

    If your browser is acting weird: remove unknown extensions, reset the browser, then run a full scan.

  4. Install apps, software, and extensions only from official sources.

    install guide

    Avoid cracked software, “keygens,” and random downloads. During installs, choose Custom/Advanced and decline bundled offers you do not recognize.

    If you already installed something suspicious: uninstall it, restart, and scan again.

  5. Treat links and attachments as untrusted by default.

    cursor sign

    Phishing often impersonates delivery services, banks, and popular brands. If it is unexpected, do not open attachments or log in through the message.

    If you entered credentials: change the password immediately and enable 2FA.

  6. Shop safely: research the store, then pay with protection.

    trojan horse

    Be cautious with brand-new stores, “closing sale” stories, and prices that make no sense. Prefer credit cards or PayPal for dispute options. Avoid wire transfers, gift cards, and crypto payments.

    If you already paid: contact your card issuer or PayPal quickly to dispute the transaction.

  7. Crypto rule: never pay a “fee” to withdraw or recover money.

    lock sign

    Common patterns include fake profits, then “tax,” “gas,” or “verification” fees. Another is a “recovery agent” who demands upfront crypto.

    If you already sent crypto: stop paying, save evidence (wallet addresses, TXIDs, chats), and report the scam to the platform used.

  8. Secure your accounts with unique passwords and 2FA (start with email).

    lock sign

    Use a password manager and unique passwords for every account. Enable 2FA using an authenticator app when possible.

    If you suspect an account takeover: change passwords, sign out of all devices, and review recent logins and recovery settings.

  9. Back up important files and keep one backup offline.

    backup sign

    Backups protect you from ransomware and device failure. Keep at least one backup on an external drive that is not always connected.

    If you suspect infection: do not connect backup drives until the system is clean.

  10. If you think you are a victim: stop losses, document evidence, and escalate fast.

    warning sign

    Move quickly. Speed matters for disputes, account recovery, and limiting damage.

    • Stop payments and contact: do not send more money or respond to the scammer.
    • Call your bank or card issuer: block transactions, replace the card if needed, and start a dispute or chargeback.
    • Secure your email first: change the email password, enable 2FA, and remove unfamiliar recovery options.
    • Secure other accounts: change passwords, enable 2FA, and log out of all sessions.
    • Scan your device: remove suspicious apps or extensions, then run a full malware scan.
    • Save evidence: screenshots, emails, order pages, tracking pages, wallet addresses, TXIDs, and chat logs.
    • Report it: to the payment provider, marketplace, social platform, exchange, or wallet service involved.

These rules are intentionally simple. Most online losses happen when decisions are rushed. Slow down, verify independently, and use payment methods and account controls that give you recourse.

Leave a Comment

Previous

Flocoluounity.com Pop-Up Ads – Virus Removal Guide

Next

Jackspinz.com Scam Exposed – What You Need To Know