Hackers Blackmailing Porn Viewers Have Reportedly Made Nearly $1 Million in Bitcoin

Hackers blackmailing porn viewers by claiming they’ve got videos of them watching adult content have reportedly managed to make nearly $1 million worth of bitcoin thanks to victims who pay up.

According to a report published by cybersecurity firm Area 1, scammers have been having success with a threatening email that tells victims they've been caught watching pornography and that the video will be leaked to their contacts unless they pay a bitcoin ransom.

In an email shared by Cornell University professor Emin Gün Sirer, the hackers claim to know users’ passwords, and claim to have made a “double-screen video” that shows the video the person was watching, along with them watching it thanks to a recording of their webcam.

In reality, security experts claim the hackers don’t have videos of the victims they target, but are merely trying to scare them into paying up. So far the scam appears to be working, as Area 1’s report reveals they’ve made $949,000 worth of bitcoin through it, with the average payout being $593.

To get their messages past email filters, scammers are reportedly pasting “lines from Shakespeare or Jane Austen in invisible text” in their emails. As Gün Sirer noted in his tweet, victims shouldn’t pay the BTC ransom, as the hackers are contacting those who have had their email accounts breached in the past.

On the haveibeenpwned website, users can look into whether their data has been leaked in large-scale security breaches. To get to their victims, scammers use this type of leaked data, which includes their email accounts and the passwords they’ve used on the services that suffered the breach.

Then, they tell victims their password, hoping they are indeed reusing passwords. Fortune reports the porn-related threats are one of three variations of email blackmail scammers have been using. Other forms reportedly include claiming they’ll destroy the data on victims’ computers, or they’ll attack them at their workplace. A security researcher has tied the attacks to a seasoned cybercriminal who was behind large security breaches in the past.

P2P Token Trading Platform AirSwap Discloses ‘Critical Vulnerability’

  • Peer-to-peer trading platform AirSwap claims to have identified a "critical vulnerability" in one of its smart contracts. 
  • Ten addresses have been identified so far as being at risk of exploitation. 

Peer-to-peer token trading network AirSwap has disclosed a “critical vulnerability” in a newly released smart contract. 

AirSwap's Critical Vulnerability

According to the disclosure, which was published on Sept. 13, AirSwap’s internal security team identified a potential exploit in a newly released mainnet smart contract. The vulnerability would allow an attacker to “perform a swap without requiring a signature from a counterparty.” 

AirSwap claims that the offending code was only present for twenty-four hours on the network before being identified and removed. However, users of AirSwap Instant between Sept. 11 and Sept. 12 may have been affected by the vulnerability, with the report claiming that 10 accounts have been recognized so far as being at risk. 

AirSwap has published the addresses of the vulnerable accounts, telling all other users that no further action is required. The report also outlines the step-by-step actions taken by the exchange in the aftermath of discovering the vulnerability, including an apology to its client base:

We would like to deeply apologize to our affected users for any inconvenience these vulnerabilities may have caused, and hope that the important lessons we continue to learn throughout these processes form the basis for a more open, secure, and efficient trading environment.
