Crypto Alert Series: Bitcoin blackmail


Welcome to the Crypto Alert of the Week series by AMLT, a series dedicated to documenting interesting or high profile frauds/hacks etc that recently happened and have been reported into the AMLT Network and show how the AMLT Network can help track and prevent it in the future.

In the last months blackmail and extortion around bitcoin has been getting more and more popular among fraudsters as they’ve been sending e-mails extorting bitcoin to random people. We’ve identified a new player on the market targeting a wide variety of users and seemingly succeeding.

Generally here’s how it works:

– your email is found on some random website/database
– an e-mail with a threat of blackmail/extortion is sent (screen shot below)
– threatened victims pays money using bitcoin to the extorter

Here is an example of one of the emails used to extort funds, this one is originally shared by this twitter user and then was reported into the AMLT network.

As seen above the blackmailer attempts to extort the user for some supposed personal actions that could be “embarrassing” etc. Thing is that the blackmailer holds no such data and in reality is scamming the user. With that said it seems this blackmailer is achieving some success.

The address attempting to blackmail users within the 3 days of activity has garnered around 1 bitcoin from victims but has not yet moved any of the funds. We will continue to monitor the flow of the funds and update accordingly but as soon as the blackmail was reported to the AMLT Network, we analyzed the legitimacy of the data and then implemented it into the Coinfirm AML Platform. Now anyone using the Coinfirm Platform can see the risk associated with the address and funds and act accordingly. Majority of funds from such actions end up on major exchanges, this serves as another use case of how AMLT can not only help fight these actions but help prevent other entities from taking on the risk associated to the entity and funds.

Below you see the end result on the AML/KYC Risk Report as the address is now appropriately flagged with risk indicator and C-score (Risk rating).

Below you can see how our clients and Network Members use the AMLT Network to submit data on nefarious actors using phishing schemes and identity theft on Twitter, email to try and pull funds out of potential victims.