The first report of a Central Intelligence Agency officer sending ransom emails demanding bitcoin in exchange for concealing evidence of child porn was received March 16. Since then dozens of similar reports have come in, each demanding $10K USD payment to a different multi-sig address. As of this posting none of the reported addresses have received ransom payments.
Continue reading New CIA Child Porn Bitcoin Ransom EMAILCategory Archives: Ransom
Popular Sextortion bitcoin addresses
How successful has the bitcoin sextortion email campaign been?
[tweetshare tweet=”Top 50 Sextortion Addresses Received 92 BTC”]
Continue reading Popular Sextortion bitcoin addressesBitcoin Bomb Ransom Fizzled Out: No Payments Made By Deadline
There will be winners and losers in the race to become the best bitcoin extortionist emailer. The latest bitcoin scam email campaign looks like it will be one of the losers.

Starting this morning, from U.S. sources, BitcoinWhosWho.com began receiving reports of a fake bomb threat demanding $20k in bitcoin or a “mercenary” would blow up their building. So far no one has paid any of the 15 bitcoin addresses that have been identified. But, it would only take a few people falling for this to make it worthwhile for the scammer.
The email typically states the bomb or explosive device is made of “lead azide”, “Tetryl” or “Hexogen” but also “tronitrotoluene” has been reported.
Notably, the author really wants to be clear that everything is proceeding “according to my guide”. Oh, and BTW, the bomb will go off by the end of the day if you don’t pay.
Continue reading Bitcoin Bomb Ransom Fizzled Out: No Payments Made By DeadlineThe Future of Bitcoin KYC
1AjZPMsnmpdK2Rv9KQNfMurTXinscVro9V
149w62rY42aZBox8fGcmqNsXUzSStKeq8C
It’s a significant first. For responsible crypto exchanges and bitcoin ATMs operating in this wild west legal environment there are very few FREE KYC/CTF/AML compliance tools available. BitcoinWhosWho.com provides open-source data necessary to adhere to burgeoning global KYC/CTF/AML procedures involving bitcoin transactions.
- Monitor OFAC List
Prevent scam addresses from registering at an exchange. - Bitcoin Transaction Profiling
Warn customers before they send bitcoin to an accused scammer. - Wallet Risk Assessment
Mark wallets which have transacted with “scam” wallets to a higher degree of risk.
42 Countries Report Sextortion Email Scam
The bitcoin “sextortion” scam is officially global. Bitcoin Who’s Who received reports of the now infamous email from people in 42 different countries in September.
Almost a third of the scam reports came from the United States. Continue reading 42 Countries Report Sextortion Email Scam
Sextortion With Password Email Scam Variant Makes 22.67BTC Over First 3 Weeks
Don’t pay it! No matter how convincing inclusion of that old password you used to use makes it seem, they don’t have video of you doing that. Don’t be embarrassed, if you considered paying the ransom email you’re not alone. So far 101 victims have sent 22.67 BTC to 37 of the 176 bitcoin addresses so far reported to be related to the new sextortion with/password scam email variation that first appeared July 10. Reports of previous versions of the same sextortion tactic without the password portion have been reaching us since October 2017. Inclusion of a password is unique over the last three weeks. Continue reading Sextortion With Password Email Scam Variant Makes 22.67BTC Over First 3 Weeks
I Know Your Password #Bitcoin Extortion Email Variant
A new twist on an old trick emerged this week. The porn ransom email claiming to have incriminating video of the recipient which will be released to contacts if not paid in bitcoin, has now included an old compromised password of the recipients in an attempt to add credibility to the scam. Gotta appreciate that dark web creativity. Where did they get all those passwords? The first report of this new variant was received July 10. Since then dozens more reports have come in relating to just over 2 dozen bitcoin addresses as of Friday. This address has been reported 9 times and also has the most total received at 2.83 BTC:
1JHwenDp9A98XdjfYkHKyiE3R99Q72K9X4
Continue reading I Know Your Password #Bitcoin Extortion Email Variant
Bitcoin Porn Blackmail Scam Moved to Poloniex Wallet
When reports of this email scam first started appearing last September the perpetrators were discovered to be using a Matbea wallet. That appears to have changed. On May 30 every output transaction from hundreds of reported blackmail scam addresses went to a Poloniex wallet address.
These bitcoin addresses were reported as scams related to the porn blackmail email:
12UCMcAseQK2syjQWRpnbc8tUtzxzZG9kS
15LKRRYM2k2CCSGT76rNbQmciLZJSxKXAx
18aVwkFAadCvwGBHN8vagouWBWrNEpZAaV
Each of them shows an output to 1E2J2DAFGToqmTxK5H8fG6V3Tp3xqSiAm4 on May 30, 2018.
A quick investigation shows 1E2J2DAFGToqmTxK5H8fG6V3Tp3xqSiAm4 is among the Poloniex wallet cluster.
[tweetshare tweet=”A Poloniex wallet address is being used to run the widespread porn blackmail scam”]
Continue reading Bitcoin Porn Blackmail Scam Moved to Poloniex Wallet
Bitcoin Hitman Email
The addresses we know so far:
1GtWsHzvxuwFkKyhH1m8dHznE8iSdfaR7
12gzbLuWWQHHSvRkUfHUygSU9zRP8aAbKq
1GZGRKGkpdZm195aQpRHciyfPxyciT8duW
However, no blockchain transactions yet.
These are the reports as of Dec 11 2017: Continue reading Bitcoin Hitman Email
Don’t Be Fooled By Colnbase or MyEthenWallet Scams
We received two somewhat convincing phishing emails recently from colnbase.support and myethenwallet.com. Hilarious misspelling aside, it’s not so funny if one of these scams tricks you into entering your private information on the bogus websites they provide.
BitcoinWhosWho does not have any bitcoin addresses associated, please report if you know any! Continue reading Don’t Be Fooled By Colnbase or MyEthenWallet Scams