9d : 22h : 39m : 55sGet Tickets
9d : 22h : 39m : 55sGet Tickets

Jimmy Aki

Jimmy has been following the development of blockchain for several years, and he is optimistic about its potential to democratize the financial system.

March 1, 2019

Report Claims That “Sextortionists” Absconded With Over $300,000 in Crypto in 2018

  1. Home › 
  2. Articles › 
  3. Report Claims That “Sextortionists” Absconded With Over $300,000 in Crypto in 2018
<p>According to a report by research and risk assessment firm Digital Shadows</p>
Signup to the Newsletter

Most cyberattacks in the crypto space involve hackers finding a way around the security of crypto exchange platforms and gaining access to users’ funds. Last year saw the entry of a new breed of cyber extortionists that seems to be gaining ground, so much so that they were able to steal over $300,000 in bitcoin (BTC) tokens in 2018.

According to a report by research and risk assessment firm Digital Shadows, this scam was committed through a wide array of “sextortion” blackmail strategies, which included the weaponization of emails.

The report, which was titled “A Tale of Epic Extortions: How Cybercriminals Monetize Our Online Exposure,” revealed that the scam started back in 2017. However, it only gained mainstream notoriety in the middle of 2018, after its list of victims continued to grow.

Digital Shadows was able to track over 792,000 targeted emails, where it discovered the loss of about $300,000 worth of bitcoin, which was stolen from over 3,000 bitcoin wallet addresses.

How They Operate

The goal of the cybercriminals is to convince the victim that their system had been hacked, allowing them to obtain valuable information that could expose their intimate activities.

To look convincing, the extortionists provide the victim with a known password, also known as “proof” of compromise — this is meant to offer evidence of the hack. Then they claim to have footage of the victim watching porn online, urging them to pay a ransom in bitcoin or risk exposure.

As with most email scams, the composition of the emails is often a problem. Per the report from Digital Shadows, the construction of the email could make the difference between one that gets past a spam filter and the one that doesn't. Some sophisticated criminals go to great lengths to distribute emails at scale by using freshly minted outlook.com addresses.

“Across the emails we collected, there was a variation in the capabilities displayed by the attackers. Certain spammers showed little understanding of how to craft and distribute emails on scale, sending malformed emails that would never make it past a mail server or spam filter,” the report reads.

Based on the examination of their IP addresses, the firm noted that the scam wasn’t localized to a single region. Scammers operated across a wide array of locations, with the highest percentage of the emails being sent from a position in Vietnam (amounting to 8.5 percent of the total emails sent); 5.3 percent of the emails were sent from somewhere in Brazil and India came third with 4.7 percent of the total email count.

Targeting Married and “High Net Worth” Individuals

The cybercriminals targeted individuals with high net worth, as they believe these groups could easily pay the ransom without “dragging the process for too long.”

The scammers also targeted married individuals. The criminals often use marriage as extra leverage over the victims, providing an additional incentive to convince the victim to make the payment.

Online Crowdfunding Campaigns

The Dark Overlord (TDO), a prominent extortionist group which, after a brief break, returned in 2018 with a new modus operandi, was featured in the report.

The criminal group changed its model from extorting victims directly to selling “stolen data in batches to other users on criminal forums, and adopted an altogether more unusual tactic: online crowdfunding campaigns.” Using online crowdfunding campaigns, extortionist groups like TDO can raise the ransom the victim would have paid from members of the public desperate to unlock the troves of data in their possession.

The extortionist group reportedly started its career selling data on TheRealDeal, a forum on the dark web. When the forum folded, they went on a spree of extortions, including directly contacting their victims and threatening to expose their private information if their demands weren’t met.

TDO kept providing regular updates of their operations via their Twitter page. The group went back to the dark web in September 2018, recruiting extra accomplices and selling their acquired data on KickAss, another criminal forum. They set up The Dark Overlord Sales, a subsection of KickAss, to sell their data to other parties on the platform.

The cybercriminals victims included insurance provider Hiscox, which lost over 10GB of sensitive data related to the 9/11 bombings to the group. Their operation pattern shows the effectiveness of using crowdfunding platforms to gain more publicity online, while also generating sustainable revenue.

Signup to the Newsletter


<p>Crypto Lender Sees High Demand for Stablecoin Loans in Chinese Market</p>

Crypto Lender Sees High Demand for Stablecoin Loans in Chinese Market

Asia-based crypto lender BabelBank has announced a record-high number of crypto-collateralized loans issued amid new rebranding efforts. The crypto firm will now be called BabelFinance, a name change which, the company says, signifies its efforts to offer broader services for crypto users, especially in the Chinese market. In a statement, the crypto lender claims to […]

Jun 14, 2019

Binance to Block All U.S. Users, Launch Regulation-Compliant Spinoff Site

With the announcement that it will close its exchange services to U.S. customers, Binance pledges to develop a regulatory-compliant Binance.US site.

Jun 14, 2019
<p>Presented in a radio news format no more than 20 minutes long</p>

P2P Bitcoin Exchanges Still Hodl Hodling On

In this episode, Dave and Grahm cover the recent news and developments happening around peer-to-peer (p2p) bitcoin exchanges with Hodl Hodl’s Max Keidun.

Jun 14, 2019
<p>Bakkt has set a testing date for its bitcoin futures product.</p>

Watch Bitcoin React as Bakkt Confirms Futures Market Testing Date

Bakkt has set a date to start accepting users for the testing of its bitcoin futures product.

Jun 14, 2019