Coindesk Logo

Phishing Scam Targets US Marshals Service Bitcoin Auction List

Phishing Scam Targets US Marshals Service Bitcoin Auction List

Phishing Scam Targets US Marshals Service Bitcoin Auction List

The attack targeted individuals on the leaked Silk Road auction email list, successfully stealing 100 BTC.

The attack targeted individuals on the leaked Silk Road auction email list, successfully stealing 100 BTC.

The attack targeted individuals on the leaked Silk Road auction email list, successfully stealing 100 BTC.

AccessTimeIconJul 4, 2014, 4:46 PM
Updated May 15, 2023, 2:15 PM

Presented By Icon

Election 2024 coverage presented by

Stand with crypto

Individuals on the recipients list of the leaked US Marshals Service email to Silk Road auction enquirers are being targeted in a phishing attack, and at least one individual has fallen for the scam.

The Wall Street Journal confirmed that several individuals on the list received phishing emails from the same source. However, not all the individuals on the leaked email recipients list were targeted.

The unfortunate victim of the attack was Sam Lee of bitcoin arbitrage fund Bitcoins Reserve, which lost 100 BTC as a result.

The funds were sent by the firm's chief technology officer, Jim Chen, after he received what seemed like an email request to do so from Lee. In fact, the funds ended up being sent outside the company to the attacker's wallet. The transaction can be seen here, according to Lee.

Operational oversight

Lee said that the funds he had been scammed out of were owned by Bitcoins Reserve and that he used personal funds to replace them. He informed Bitcoins Reserve investors about the situation in an email, saying:

"As this attack vector was only successful due to an oversight in operations, the founders of Bitcoins Reserve will compensate the company by injecting an additional 100 Bitcoins to ensure we're still effectively performing arbitrage for our investors."

How they did it

The complete procedure for the scam was complicated and extremely sophisticated, but the basic process was as follows.

Lee received an email on 21st June from a certain 'Linda Jackson' claiming to represent BitFilm Production, a genuine company based in Germany. Jackson falsely claimed that the firm was assembling a series of interviews about the impending auction for a client.

Jackson then sent Lee a second email containing a link that directed to a file containing the questions for the interviews. This appeared to be a Google Drive document, but was actually a website controlled by the attacker.

The faked page then requested Lee's email password to gain access to the document, and consequently, when the password was entered, the attacker gained access to Lee's email accounts.

The scammers finally sent an email, purporting to be from Lee, to various employees requesting funds be sent to an external bitcoin wallet address, and the CTO unsuspectingly complied.

Facts agree

Lee's version of the story, and the emails from the attacker corroborating it (which CoinDesk has been given access to), mirror the phishing method described in the WSJ article.

The Journal also reported that while BitFilm Production is a real company, it had never attempted to contact the individuals on the leaked email.

The US Marshals Service has since issued a statement, saying that individuals affected by phishing scams should contact the appropriate law enforcement authorities, noting that the FBI dealt with phishing scams in the United States.

Disclosure

Please note that our privacy policy, terms of use, cookies, and do not sell my personal information have been updated.

CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. CoinDesk has adopted a set of principles aimed at ensuring the integrity, editorial independence and freedom from bias of its publications. CoinDesk is part of the Bullish group, which owns and invests in digital asset businesses and digital assets. CoinDesk employees, including journalists, may receive Bullish group equity-based compensation. Bullish was incubated by technology investor Block.one.


Learn more about Consensus 2024, CoinDesk's longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to consensus.coindesk.com to register and buy your pass now.