I found this phish a few days ago. I’m quite sure something similar has been around for a long time but it’s the first one of this type I’ve seen. It claims to be from the Exodus Cryptowallet company, saying they updated their terms of service and because of the “Know Your Customer” regulations, the target needs to log in to Exodus and acknowledge the change in terms of service.
If the link is clicked, the victim is brought to a page hosted in the .br (Brazil) country TLD asking for several words from the backup phrase of their Exodus wallet.
Once the malicious actor has access to the appropriate words from the backup phrase, they would have access to the victim’s cryptocurrency wallet. Knowing how much some people have in cryptocurrency, this could end up being a windfall.
–Matt