Category Archives: Analysis

Bitcoin Porn Blackmail Scam Moved to Poloniex Wallet

When reports of this email scam first started appearing last September, the perpetrators were discovered to be using a Matbea wallet. That appears to have changed. On May 30, every output transaction from hundreds of reported blackmail scam addresses went to a Poloniex wallet address.

These bitcoin addresses were reported as scams related to the porn blackmail email:

12UCMcAseQK2syjQWRpnbc8tUtzxzZG9kS
15LKRRYM2k2CCSGT76rNbQmciLZJSxKXAx
18aVwkFAadCvwGBHN8vagouWBWrNEpZAaV

Each of them shows an output to 1E2J2DAFGToqmTxK5H8fG6V3Tp3xqSiAm4 on May 30, 2018.

A quick investigation shows 1E2J2DAFGToqmTxK5H8fG6V3Tp3xqSiAm4 is among the Poloniex wallet cluster.

A Poloniex wallet address is being used to run the widespread porn blackmail scam


8.97 Bitcoins Burned In 2017

2,759 BTC Burned All-Time
The total amount of bitcoin in circulation decreased by almost 9 BTC in 2017 due to “burn” addresses. Burn addresses, like the Genesis Block, are deadlier than “zombie” addresses, because there is no chance of coming back once BTC is sent to one. There are almost 400 known bitcoin burn addresses, i.e. valid addresses with no private key, to which, for a variety of reasons, people have sent 2,759.42507135 BTC over the years. In 2017, 9 of these addresses received 8.97140133 BTC. That is way down from 2016, when 26.04 BTC was burned.

Bitcoin Hitman Email

Bitcoin Hitman Sample Email
BitcoinWhosWho received multiple independent reports of a new bitcoin ransom email in circulation, threatening people with “I’ve got an order to remove you”.

The addresses we know so far:
1GtWsHzvxuwFkKyhH1m8dHznE8iSdfaR7
12gzbLuWWQHHSvRkUfHUygSU9zRP8aAbKq
1GZGRKGkpdZm195aQpRHciyfPxyciT8duW

However, there are no blockchain transactions yet.

These are the reports as of Dec 11 2017:

New Blacklisted Bitcoin Address API

We’re proud to announce the availability of two new APIs:

  • Blacklisted Addresses (Reported Scams)
  • Public Sightings (Website Appearances)

Register for a key today!

Remain fully informed about a bitcoin address’s involvement with reported scams and website appearances found by BitcoinWhosWho.com!

  • Know Your Customers
  • Manage Risk
  • Help Prevent Scams
  • Unique Forensic Analysis

http://bitcoinwhoswho.com/api

Blackmail Scam Run on Russian Wallet Matbea

BitcoinWhosWho.com started receiving reports of a mass email attempting to blackmail recipients out of bitcoin about a month ago. The hilariously worded text always closes with “sorry for misprints, I am foreign”. Rudimentary block exploring shows at least some of these scam addresses are being consolidated on the Russian wallet service Matbea.com.

Bitcoin Ransomware Addresses

List of Bitcoin Ransomware Addresses

Ransomware Name Bitcoin Address
CryptoLocker 4.0 15sJ3pT7J6zefRs95SEsfBZMz8jAw1zAbh
CryptoLocker 1HrEqMHQVWhKuCg7a3rxo2tAFAiKquJ5iP
CryptoLocker 1EJbVfn5hXQ9JcfRyn965UKpNX4qxRW7pY
CryptoLocker 14bgivtRtTjzwiS4rRECoKGXkSZbf1Co39
CryptoTorLocker2015 1KpP1YGGxPHKTLgET82JBngcsBuifp3noW
DMALocker 1382JAg5xbQv7QNwq1svDeyw6ELtNCmujG
Bucbi 1MfVk1utxgvGjMFV3K3CzXsDRDZznj5tey
CryptoHost 18AVPLKGBamXtGpdT3kP2b5Dv3iBUDpjKv
7ev3n 1Lud76Q98VRHCUiyK7XUs7AgFofrqXeP78
TeslaCrypt 15Y2TmHrxjmRFxfNUttwb9aU4DifvDpWKM
TeslaCrypt 1NRn15kJnVRrptTSQJJnMD9KJcWkVFh1Gv
ThunderCrypt 14dqhE6XPoxkkttwwh7qTWmmSwXerWd2Ho
ThunderCrypt 18yfx86BwNK5xYKw71uaHwAxPgCGRJaqgg
ThunderCrypt 1HFY12o56xbHer3oeNxC99A7SGyXaR64hs
Trump Locker 1N82pq3XovKoJYqUmTrRiXftpNHZyu4jyv
Buddy 1AoNMLZfhw7cbMCKAhaKHiveMdwFyVUGeA
Chimera 1JHxr5sbXDoZuDsx624TmZ2MWyDdD9ag8K
CTB Locker 1Hf2vPmYNxzFYWiaURs75h8JoyCczLXCG2
CTB Locker 1E4jsfwFsKVaAVFNfrmGVgDY1HRU8qf7PV
Jigsaw 15fbyNgDnqYQR5vSHJ8PTAEJbKy4dwNBCZ

Bitcoin Ransomware Links

Evolution of Encrypting Ransomware

Ransomware Notes

WannaCry Ransomware Extorts 39 Payments Worth 6.49 BTC – DAY 1

WannaCry Ransom Note
UPDATE: WannaCry Ransomware Attack up to 14.08007493 BTC on 92 payments as of 11:30am ET May 13. Balances more than doubled in 12 hours.

Today’s widely reported WannaCry ransomware attack is extensive and growing, and has already yielded ~USD$12k in profits according to a quick analysis of the BTC addresses involved. On May 12, the 3 bitcoin addresses known to be receiving extortion payments show receipt of 6.49372428 BTC in 39 separate transactions, with ransoms varying between .15 and .30 BTC each. None of the balances have been moved to new bitcoin addresses since receipt.

The WannaCry Ransomware Bitcoin Addresses

Even Bitcoin’s Richest Keep Getting Richer

Bitcoin’s richest address 3Nxwenay9Z8Lc9JBiywExpnEFiLp6Afp8v received 10,484 more BTC or about USD $8.2 million today.

The transaction originated from 73 multisig addresses. The final balance is now 135,439.82159613 BTC or USD $106.5 million (assuming a $786 exchange rate).

3Nxwenay9Z8Lc9JBiywExpnEFiLp6Afp8v is one of only 3 addresses with a balance of more than 100,000 BTC according to bitinfocharts.com. What happened to bitcoinrichlist?

Lost Forever 26.04 BTC Burned In 2016

Lost coins only make everyone else’s coins worth slightly more. Think of it as a donation to everyone.

– Satoshi Nakamoto

There will eventually be 21 million bitcoins mined; however, that will never be the true number in circulation. The distinction is important if you want to precisely measure bitcoin value and market capitalization, which is setting new records. Not all bitcoin addresses can be spent. The genesis block can never be spent. Likewise, any bitcoin sent to a “burn” address is also forever unspendable. A bitcoin burn address is like an impossible vanity address. There is no private key to a burn address and one would be impossible to generate. These are not merely ‘zombies’ but truly gone forever. How many bitcoins have been “burned” exactly?