Recently, there has been a wave of sextortion campaigns hitting the email inboxes of people all over the world. The scammers threaten to expose victims' adult-viewing activities to their friends and family. In most cases, the scammers claim that they have been watching victims through their webcam as they watch adult content.
Once the victim believes the scam, the scammers demand a ransom in BTC to keep things quiet. Some victims fall for the scam and send the BTC. Recently, researchers sought to uncover what happened to the BTC sent to the scammers.
Tracing the Sextortion Coins
According to a report posted by SophosLabs, most of the spam emails were sent during September 2019 and February 2020. Victims were asked to pay up to $800 in BTC. The researchers found that the scammers had amassed close to $500,000 in BTC from their venture.
The researchers found that while most of the emails were in English, some were in German, Italian, Chinese, and French. To avoid spam filters, the scammers used various cloaking techniques such as random strings, garbage text blocks, and even Cyrillic script.
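A defender can look for the Cyrillic cloaking described above by flagging words that mix Latin and Cyrillic letters, which ordinary single-language text does not contain. The Python below is an added example, not code from the SophosLabs report; it assumes the Cyrillic characters are substituted inside otherwise Latin words, and the function names and sample messages are constructed for illustration.

```python
import re
import unicodedata

# Runs of letters in any script (word characters minus digits and underscore).
WORD_RE = re.compile(r"[^\W\d_]+")

# Constructed samples. The first swaps Cyrillic look-alikes into Latin words
# (assumed cloaking style); the second is legitimate bilingual text.
SAMPLE_OBFUSCATED = ("I know your p\u0430ssw\u043erd and rec\u043erded you. "
                     "Send the p\u0430yment.")
SAMPLE_CLEAN = ("Your invoice is attached. "
                "\u041f\u0440\u0438\u0432\u0435\u0442 from the Moscow office.")


def script_of(ch):
    """Coarse script label taken from the Unicode character name."""
    name = unicodedata.name(ch, "")
    if name.startswith("CYRILLIC"):
        return "cyrillic"
    if name.startswith("LATIN"):
        return "latin"
    return "other"


def mixed_script_words(text):
    """Return the words that contain both Latin and Cyrillic letters."""
    hits = []
    for word in WORD_RE.findall(text):
        scripts = {script_of(ch) for ch in word}
        if {"latin", "cyrillic"} <= scripts:
            hits.append(word)
    return hits


def mixed_script_ratio(text):
    """Share of words that mix scripts; usable as one spam-scoring feature."""
    words = WORD_RE.findall(text)
    if not words:
        return 0.0
    return len(mixed_script_words(text)) / len(words)


if __name__ == "__main__":
    for label, body in (("obfuscated", SAMPLE_OBFUSCATED), ("clean", SAMPLE_CLEAN)):
        print(label, mixed_script_words(body), round(mixed_script_ratio(body), 2))
```

Whole words written in Cyrillic are not flagged, so genuine Russian or bilingual mail passes; only per-word script mixing counts toward the ratio.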
The researchers found that the scammers used 132 crypto addresses. Out of those, 12 were connected to crypto exchanges and online wallet services with lax KYC requirements. Some major crypto exchanges such as Coinpayments, Binance, and LocalBitcoins were also unwitting participants in the scam as the funds were moved around in an attempt to clean them.
The funds were also moved to private non-hosted wallets. Some of the funds ended up in the Dark Web Hydra Market and FeShop, a credit card dump online marketplace. The scammers also used crypto mixers to convert the funds into other crypto coins, services, and cash.
In general, the researchers concluded that this was a well-organized scam. Besides that, they noted that some of the funds were used to purchase stolen credit cards. Consequently, it would appear the scammers are using their loot to fund an ongoing criminal enterprise.
If you ever receive an email demanding a ransom, the best thing to do is to delete it or report it to the authorities.