New Bitcoin Racket Threatens to Use Hitmen on Victims

An old type of extortion tactic gets a new lease on life as victims are threatened with assassination if they do not send Bitcoin.

Threatening people with assassination in a place that offers as much anonymity as the internet does is nothing new, but this time, the extortionist is demanding Bitcoin.

New emails first spotted by BleepingComputer contain a message telling victims to pony up $4,000 in the cryptocurrency. In broken English, the extortionist explains that he runs a website on the dark web that offers services that include assassination, and that the victim was a target for one of his clients.

He then explains that he wants to “offer” the victim the opportunity to end this deal if he receives a $4,000 payment in Bitcoin.

Cryptovest looked at the extortionist’s wallet address and found exactly zero BTC have been paid so far. It’s been more than 24 hours since the email in the screenshot was sent.

This particular extortion racket bears a striking resemblance to the Bitcoin bomb threat emails sent out about a week ago. The following aspects are shared between the two incidents:

  • There is a threat of violent action.
  • The sum demanded is a specific amount of dollars in Bitcoin, not a specific amount of BTC.
  • There is a promise to halt the violent action upon receiving payment.
  • The author of the email uses an alias that differs from the name in the email. The bomber used the name Clair James, but the email address before the “@” symbol read “Frank.” This extortionist uses the name Justine Dibenedetto, but the email address begins with “John.” Both of the names used in the email addresses themselves are typical anglophonic names.
  • Both emails provide a precise time limit upon which funds must be sent to the would-be attacker. The bomber gave victims 24 hours. The extortionist, 38.
  • Both authors use a similar style of broken English.
  • The subjects are vague.

The only clear differences between the two are the destination wallet address used and the fact that the bomber separated paragraphs more consistently than the extortionist.

Cryptovest looked at the bomber’s wallet address and found one transaction of 0.000007 BTC, which is worth two cents today. This may have been the result of a transaction fee.

The similarity between these two incidents indicates that this new attack may have been inspired by the bomb threat.

Reading now