How to avoid falling for scams like a fake email from Cryptopia

Also Known As: Fake email from Cryptopia
Damage level: Medium

What is a fake email from Cryptopia?

After inspecting the email, we found that it was sent by scammers impersonating Cryptopia. The goal of this scam email is to trick recipients into providing personal information through a fake website. Such emails are known as phishing emails. Recipients should be able to recognize them and should always ignore them.

More about the fake email from Cryptopia

Cryptopia (cryptopia.com) was a cryptocurrency exchange based in New Zealand that was founded in 2014. It became one of the top 100 exchanges by trading volume. However, after facing internal issues and a major security breach in 2019 that resulted in a significant theft of its assets, Cryptopia's operations declined.

The company entered liquidation in 2019, and a legal process to reimburse affected users is still ongoing. The scam email pretends to be from the liquidators of Cryptopia and urges account holders to register their claims in a portal before the specified "cut-off date".

It provides detailed instructions on how to claim cryptocurrency lost in the 2019 hack, including phases of distribution, eligibility criteria, and deadlines. The email also mentions a review process for disputes and warns of the potential loss of cryptocurrency if not registered by the deadline.

At the bottom of the email, there are links labeled "Claims Portal", "Customer Service Portal", and "Dedicated Information page". Clicking these links opens a fake Cryptopia website (portal.cryptopia.co[.]nz) that presents a "Claims Portal Login" page asking visitors to enter an email address and password.

The entered information is sent to scammers, who can misuse it for malicious purposes. They can use stolen login details to access personal accounts (e.g., email, social media, or banking platforms). Once in, they can steal sensitive information, such as financial data or private messages.

They may also use the compromised accounts to carry out fraudulent transactions, impersonate the victim, deliver malware, and launch phishing attacks. Furthermore, stolen credentials might be sold on the dark web. Thus, it is highly advisable to avoid responding to suspicious emails or clicking on links or attachments within them.

Threat Summary:
Name: Cryptopia Email Scam
Threat Type: Phishing, Scam, Social Engineering, Fraud
Fake Claim: Account holders can recover lost funds
Related Domain: cryptopia.co[.]nz
Detection Names: Antiy-AVL (Malicious), VIPRE (Malware), Full List Of Detections (VirusTotal)
Disguise: Letter from Cryptopia
Symptoms: Generic greeting, urgent language, suspicious links, grammatical errors.
Distribution methods: Deceptive emails, rogue online pop-up ads, search engine poisoning techniques, misspelled domains.
Damage: Loss of sensitive private information, monetary loss, identity theft.
Malware Removal (Windows): To eliminate possible malware infections, scan your computer with legitimate antivirus software. Our security researchers recommend using Combo Cleaner.
Similar scam emails in general

The scam email, pretending to be from Cryptopia's liquidators, preys on users hoping to recover their lost cryptocurrency by directing them to a fake claims portal. This phishing attempt aims to steal login credentials, which could then be used for fraudulent activities, including identity theft, financial fraud, and further cyber attacks.

To protect oneself, it is crucial to remain cautious of unsolicited emails, avoid clicking on suspicious links, and refrain from sharing personal information with unverified sources. Some examples of similar emails are "American Express - ChargeBack Payment", "LinkedIn Request To Buy From You", and "Storage Space Running Low".

How do spam campaigns infect computers?

Fraudulent emails entice users to unknowingly infect their devices via harmful files (attachments) or malicious links. These files can be MS Office documents and PDFs, script files, archives, ISO files, executables, etc. The malware activates when users open these files or perform actions like enabling macros in compromised documents.

The links embedded in these emails might direct users to malicious websites that automatically download malware or prompt them to manually run infected files or install malicious software. Essentially, cybercriminals succeed when users engage with these deceptive links or files, compromising their devices in the process.

How to avoid installation of malware?

Regularly update your system and software, and use reliable antivirus or anti-malware programs to protect your device. Do not allow suspicious websites to send notifications, and avoid interacting with pop-ups, ads, or other questionable content on shady sites. Only download software or files from official, trusted sources, such as official websites or app stores.

Be cautious when dealing with emails, especially those from unknown senders that seem out of context or unexpected. Avoid clicking on any links or opening attachments in such messages. If you have already opened malicious attachments, we recommend running a scan with Combo Cleaner Antivirus for Windows to automatically eliminate infiltrated malware.

Text presented in the fake email from Cryptopia:

Subject: Cryptopia Claims: Notice to register claim before soft cut-off date


Notice to account holders
Cryptopia Limited (in Liquidation) – Important Notice for Account Holders to register claims before soft cut-off date
1. The liquidators of Cryptopia Limited (in liquidation) provide this notice to account holders (You) about the need to register your claim in the Cryptopia claims portal by 31 March 2025 (the Soft Cut-off date). Note this soft cut-off only applies to those who remain unregistered on the claims portal, if you have at least registered an account on the claims portal this cut-off will not be applicable to you.

Background
2. In January 2019, the Cryptopia exchange was hacked.  Cryptopia closed after the hack, re-opened for a short period, and was then placed into liquidation in May 2019.
3. On 8 April 2020, the High Court of New Zealand held that Cryptopia held the cryptocurrency on trust for the benefit of account holders.  A separate trust was held to exist in respect of each coin type.
4. The liquidators have undertaken significant work in securing, reconciling and administering the cryptocurrency held on trust for account holders (Cryptocurrency).  On 31 July 2023 the liquidators filed an application with the High Court for directions as to distribution to account holders.  Judgment was given on 1 March 2024 by Justice Palmer.  The orders can be found [here].

Distribution process
5. The liquidators will conduct a phased distribution process.

Interim Distribution
6. The liquidators have already undertaken a distribution to a subset of account holders.  In August 2024, account holders who had registered and accepted their balance in the BTC and DOGE trusts with a holding of more than NZD200 were invited to participate in the Interim Distribution. Actual distributions began in December 2024.  The liquidators distributed a maximum of 90% of those account holders' cryptocurrency holdings. Cryptocurrency was transferred via a wallet-to-wallet transfer.

Phase One Distribution
7. This phase is open to all eligible account holders.  To be eligible for a distribution an account holder must:
(a) Be in a trust (coin type) that has sufficient value.
(b) Have an account balance equivalent to or greater than their cost allocation.  
(c) Have registered their claim in the Cryptopia claims portal before 31 March 2025.
(d) Have completed identity verification and completed the balance acceptance / dispute process in the Cryptopia claims portal.

8. Eligible account holders will, after 31 March 2025 receive a notice in the Cryptopia claims portal advising them of the amount that will be deducted from each of their holdings for trust administration costs.  Eligible account holders will then receive a distribution of their holdings, less a deduction of allocated trust administration costs.  Distribution will be done via a wallet-to-wallet transfer.  

Effect of not registering by 31 March 2025
9. If as an account holder you have not registered your claim in the Cryptopia claims portal by 31 March 2025, then:
(e) The liquidators can proceed as if you are not a beneficiary, per orders from the New Zealand High Court.  
(f) Cryptocurrency that cannot be attributed to an account holder who has registered a claim in the Cryptopia claims portal will be considered unclaimed holdings.  
(g) After 31 March 2025, the liquidators will use any unclaimed holdings in a trust to cover trust administration costs for that trust.  Eligible account holders will only be allocated trust administration costs if there is not sufficient value in the unclaimed holdings to bear all administration costs of the trust.  

10. Nothing prevents claims from being received, considered and resolved after the passing of 31 March 2025.  If you, as an account holder, register a claim after 31 March 2025 you would still receive a distribution, but only if there is still cryptocurrency in the relevant trust(s) after trust administration costs have been removed.  It is possible that, if you do not register your claim, some or all of your cryptocurrency will be used to cover trust administration costs and may not be available to be distributed to you.    

Phase Two Distribution
11. The Final Cut-Off Date for all claims will be 30 September 2025.  After this date, the liquidators will wind up the trusts.

12. At this time, the liquidators may be able to conduct a further distribution if:
(h) There are account holders who have started the claims process but abandoned it.  
(i) Trust administration costs are less than anticipated, and the trusts will need to be reimbursed.
(j) The liquidators are able to recover some of the Cryptocurrency stolen in the January 2019 hack.

13. The liquidators will issue a further notice to account holders closer to the time.

Distribution details
Cryptocurrency Entitlement Date
14. The entitlement of each account holder to your respective Cryptocurrency is calculated as at 14 May 2019.

Review process
15. There is a review process available for account holders who wish to dispute their balance.

16. You may make a claim with supporting evidence.  The liquidators may accept that claim.  If the liquidators reject the claim in whole or in part, the liquidators must prepare a written statement of reasons for doing so and send it to the account holder (you) within 20 days.

17. If you are dissatisfied with the liquidators' decision, you may, at any time up until the final cut-off date of 30 September 2025, request a review to determine if the decision should be reversed or varied.

18. Details of the review process (which has been sanctioned by orders of the High Court) will be available in the Cryptopia claims portal.

19. This review process does not extinguish your legal right to prove your claim in the New Zealand High Court.

Low / no value trusts & low account balances

20. The liquidators will not make distributions for coins in trusts that have no or low realisable value and cannot bear all of the costs of trust administration.  The liquidators will assess realisable value of each trust first at 31 March 2025 before the Phase One Distribution, and will continuously review realisable values before making distributions.

Countries where it is unlawful to hold or transact cryptocurrencies

21. If you live in a country where it is or may be unlawful to own, hold or transact cryptocurrencies, then the liquidators will not make distributions to you in a cryptocurrency.  Instead, in order to receive a distribution, you will be required to provide details of a bank account.  The liquidators will pay you a fiat currency equivalent value of your entitlement, less any additional costs associated with paying you in fiat currency.  Before payment is made to you, additional information may be required from you to satisfy the liquidators' legal obligations under New Zealand's laws, including its sanctions and anti-money laundering and countering funding of terrorism laws.  

Post-appointment deposits

22. Deposits of cryptocurrency were made to Cryptopia wallet addresses after the appointment of liquidators and while the exchange was offline.  Those deposits have not been swept into Cryptopia's wallets and do not form part of the cryptocurrencies held on trust.

23. If cryptocurrency was deposited to your deposit address/account after the date of liquidation (14 May 2019), please contact the liquidators' customer service with proof of the deposit and your payment details.  Once the liquidators have verified the deposit, we will arrange for the deposit to be distributed to you.  Transaction costs will be deducted from the amount deposited.

24. Please note that the liquidators are not required to take any other steps to return post-appointment deposits, and post-appointment deposits will only be made to eligible account holders

Claims Portal
Customer Service Portal

For other information on the Liquidation process refer to the link below:

Dedicated Information page

Screenshot: fake website (cryptopia.co[.]nz) used to steal information.

Types of malicious emails:

Phishing Emails

Most commonly, cybercriminals use deceptive emails to trick Internet users into giving away their sensitive private information, for example, login information for various online services, email accounts, or online banking information.

Such attacks are called phishing. In a phishing attack, cybercriminals usually send an email message with some popular service logo (for example, Microsoft, DHL, Amazon, Netflix), create urgency (wrong shipping address, expired password, etc.), and place a link which they hope their potential victims will click on.

After clicking the link presented in such email message, victims are redirected to a fake website that looks identical or extremely similar to the original one. Victims are then asked to enter their password, credit card details, or some other information that gets stolen by cybercriminals.

Emails with Malicious Attachments

Another popular attack vector is email spam with malicious attachments that infect users' computers with malware. Malicious attachments usually carry trojans that are capable of stealing passwords, banking information, and other sensitive information.

In such attacks, cybercriminals' main goal is to trick their potential victims into opening an infected email attachment. To achieve this goal, email messages usually talk about recently received invoices, faxes, or voice messages.

If a potential victim falls for the lure and opens the attachment, their computers get infected, and cybercriminals can collect a lot of sensitive information.

While it's a more complicated method to steal personal information (spam filters and antivirus programs usually detect such attempts), if successful, cybercriminals can get a much wider array of data and can collect information for a long period of time.

Sextortion Emails

This is a type of phishing. In this case, users receive an email claiming that a cybercriminal was able to access the potential victim's webcam and has a video recording of them masturbating.

To get rid of the video, victims are asked to pay a ransom (usually using Bitcoin or another cryptocurrency). Nevertheless, all of these claims are false - users who receive such emails should ignore and delete them.

How to spot a malicious email?

While cyber criminals try to make their lure emails look trustworthy, here are some things that you should look for when trying to spot a phishing email:

  • Check the sender's ("from") email address: Hover your mouse over the "from" address and check if it's legitimate. For example, if you received an email from Microsoft, be sure to check if the email address is @microsoft.com and not something suspicious like @m1crosoft.com, @microsfot.com, @account-security-noreply.com, etc.
  • Check for generic greetings: If the greeting in the email is "Dear user", "Dear @youremail.com", or "Dear valued customer", this should raise suspicion. Most commonly, companies call you by your name. Lack of this information could signal a phishing attempt.
  • Check the links in the email: Hover your mouse over the link presented in the email. If the link that appears seems suspicious, don't click it. For example, if you received an email from Microsoft and the link in the email shows that it will go to firebasestorage.googleapis.com/v0... you shouldn't trust it. It's best not to click any links in the emails but to visit the company website that sent you the email in the first place.
  • Don't blindly trust email attachments: Most commonly, legitimate companies will ask you to log in to their website and to view any documents there; if you received an email with an attachment, it's a good idea to scan it with an antivirus application. Infected email attachments are a common attack vector used by cybercriminals.

To minimise the risk of opening phishing and malicious emails, we recommend using Combo Cleaner Antivirus for Windows.

What to do if you fell for an email scam?

  • If you clicked on a link in a phishing email and entered your password - be sure to change your password as soon as possible. Usually, cybercriminals collect stolen credentials and then sell them to other groups that use them for malicious purposes. If you change your password in a timely manner, there's a chance that criminals won't have enough time to do any damage.
  • If you entered your credit card information - contact your bank as soon as possible and explain the situation. There's a good chance that you will need to cancel your compromised credit card and get a new one.
  • If you see any signs of identity theft - you should immediately contact the Federal Trade Commission. This institution will collect information about your situation and create a personal recovery plan.
  • If you opened a malicious attachment - your computer is probably infected, you should scan it with a reputable antivirus application. For this purpose, we recommend using Combo Cleaner Antivirus for Windows.
  • Help other Internet users - report phishing emails to Anti-Phishing Working Group, FBI’s Internet Crime Complaint Center, National Fraud Information Center and U.S. Department of Justice.

Frequently Asked Questions (FAQ)

Why did I receive this email?

Scammers often send the same email to numerous recipients, hoping that a few will fall victim to their scheme. These emails are usually impersonal and generic, without any tailored details.

I have provided my personal information when tricked by this email, what should I do?

If scammers have gained access to your login credentials, change the affected passwords immediately. If you are unable to access your account, reach out to the support team for assistance in resolving the issue.

I have downloaded and opened a malicious file attached to an email, is my computer infected?

The probability of malware infection from an email attachment depends on the file type and user actions. For example, opening a malicious .exe file can result in instant infection, while harmful MS Office documents become dangerous only when the user enables macros.

I have read the email but didn't open the attachment, is my computer infected?

Opening an email is generally safe. Infections happen only when the recipient clicks on malicious links or opens harmful attachments in the email.

Will Combo Cleaner remove malware infections that were present in email attachment?

Combo Cleaner is effective at detecting and removing most known malware. However, to eliminate advanced threats that may be lurking deep within the system, running a full system scan is necessary.

About the author:

Tomas Meskauskas

Tomas Meskauskas - expert security researcher, professional malware analyst.

I am passionate about computer security and technology. I have an experience of over 10 years working in various companies related to computer technical issue solving and Internet security. I have been working as an author and editor for pcrisk.com since 2010. Follow me on Twitter and LinkedIn to stay informed about the latest online security threats. Contact Tomas Meskauskas.

PCrisk security portal is brought by a company RCS LT. Joined forces of security researchers help educate computer users about the latest online security threats. More information about the company RCS LT.
