Several users of bankrupt crypto exchange FTX are being targeted by a potential phishing attack after being sent a “reset password” request from the exchange’s official customer support email.

The email, which has been reviewed and verified by CoinDesk, was sent by support@ftx.com – the official email address before the exchange collapsed in November.

The password reset link routes to the FTX claims portal that allows users to submit bankruptcy claims for assets they held on the platform before its demise.

Mossab Hussein, co-founder of cybersecurity firm Spidersilk, said the surprising emails can be attributed to one of two options: “It’s either FTX itself sending those emails [to notify them of the claims portal] and giving people a scare. Or, someone has “a list” of emails and is bruteforce resetting their credentials via the portal.”

If a hacker gained access to user’s personal email addresses, they could feasibly gain access to a claimant’s account and divert funds to their personal wallet.

FTX spokespersons didn’t respond to request for comment immediately.

On Monday, many FTX users received an email from Kroll, the restructuring administrators of FTX, explaining that the deadline for claims is set for September 29, 2023.

FTX owes roughly $8.1 billion to customers after it imploded in a pool of leverage and illiquid tokens last November in an event that ravaged the wider crypto market.