Victims of failed Bitcoin exchange Mt. Gox are being targeted by scammers pretending to represent Kraken, Inc., the Bitcoin firm tasked with recovering funds from the company.

The discovery was made by the security group Cyren, who according to The Register discovered that Mt. Gox users were being targeted by emails that directed them to visit a Google Docs page claiming to host an update on the status of Bitcoin recovery claims.

Once a Mt. Gox victim clicks through on the link, instead of being presented with a document they are instead delivered an executable file that delivers a Windows trojan, that once installed, looks for any local Bitcoin wallets on the now infected machine, and steals Bitcoin from them.

To make that clear: victims of Mt. Gox who have lost millions worth of Bitcoin are now being targeted by a new scam that would see them have even more Bitcoin stolen from them.

It’s not clear how many users have been targeted, but it would appear that the details of the Mt. Gox victims may have been taken from settlement documents currently being used repatriate any funds Kraken may be able to find from what’s left of the company.

Low

We live in an age where hospitals are held ransom for Bitcoin payments, so nothing should be surprising, but this is a new low given it is targeting people who have already been significantly scammed before.

There’s also the consideration of the fact that a Bitcoin company in the form of Kraken is being impersonated, and apparently successfully; whether there is anything Kraken can to do to prevent this isn’t clear, but it’s never a good look when your name is being used to run a scam, even if it’s clearly not your fault nor doing.

Naturally, if you’re a Mark Karpeles Mt. Gox victim always practice safe internet: don’t open a link from anyone you’re not sure about, including Kraken; if you want to check the current status of the Mt Gox visit the official claims portal here.

Image credit: netspi/Flickr/CC by 2.0