Phishing Scam Targets US Marshals Service Bitcoin Auction List

The attack targeted individuals on the leaked Silk Road auction email list, successfully stealing 100 BTC.

AccessTimeIconJul 4, 2014 at 4:46 p.m. UTC
Updated May 9, 2023 at 3:02 a.m. UTC
10 Years of Decentralizing the Future
May 29-31, 2024 - Austin, TexasThe biggest and most established global event for everything crypto, blockchain and Web3.Register Now

Individuals on the recipients list of the leaked US Marshals Service email to Silk Road auction enquirers are being targeted in a phishing attack, and at least one individual has fallen for the scam.

The Wall Street Journal confirmed that several individuals on the list received phishing emails from the same source. However, not all the individuals on the leaked email recipients list were targeted.

  • Federal Reserve Launches Instant Payments Service; Tesla's Bitcoin Holdings
    Federal Reserve Launches Instant Payments Service; Tesla's Bitcoin Holdings
  • New Solidus Labs Report Breaks Down Smart Contract Scams
    New Solidus Labs Report Breaks Down Smart Contract Scams
  • 'This Is a One-Time Thing,' FTX to Reimburse Victims of API Phishing
    'This Is a One-Time Thing,' FTX to Reimburse Victims of API Phishing
  • Uniswap User Loses $8M Worth of Ether in Phishing Attack
    Uniswap User Loses $8M Worth of Ether in Phishing Attack
  • The unfortunate victim of the attack was Sam Lee of bitcoin arbitrage fund Bitcoins Reserve, which lost 100 BTC as a result.

    The funds were sent by the firm's chief technology officer, Jim Chen, after he received what seemed like an email request to do so from Lee. In fact, the funds ended up being sent outside the company to the attacker's wallet. The transaction can be seen here, according to Lee.

    Operational oversight

    Lee said that the funds he had been scammed out of were owned by Bitcoins Reserve and that he used personal funds to replace them. He informed Bitcoins Reserve investors about the situation in an email, saying:

    "As this attack vector was only successful due to an oversight in operations, the founders of Bitcoins Reserve will compensate the company by injecting an additional 100 Bitcoins to ensure we're still effectively performing arbitrage for our investors."

    How they did it

    The complete procedure for the scam was complicated and extremely sophisticated, but the basic process was as follows.

    Lee received an email on 21st June from a certain 'Linda Jackson' claiming to represent BitFilm Production, a genuine company based in Germany. Jackson falsely claimed that the firm was assembling a series of interviews about the impending auction for a client.

    Jackson then sent Lee a second email containing a link that directed to a file containing the questions for the interviews. This appeared to be a Google Drive document, but was actually a website controlled by the attacker.

    The faked page then requested Lee's email password to gain access to the document, and consequently, when the password was entered, the attacker gained access to Lee's email accounts.

    The scammers finally sent an email, purporting to be from Lee, to various employees requesting funds be sent to an external bitcoin wallet address, and the CTO unsuspectingly complied.

    Facts agree

    Lee's version of the story, and the emails from the attacker corroborating it (which CoinDesk has been given access to), mirror the phishing method described in the WSJ article.

    The Journal also reported that while BitFilm Production is a real company, it had never attempted to contact the individuals on the leaked email.

    The US Marshals Service has since issued a statement, saying that individuals affected by phishing scams should contact the appropriate law enforcement authorities, noting that the FBI dealt with phishing scams in the United States.


    Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

    CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. In November 2023, CoinDesk was acquired by the Bullish group, owner of Bullish, a regulated, digital assets exchange. The Bullish group is majority-owned by; both companies have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary with an editorial committee to protect journalistic independence. CoinDesk employees, including journalists, may receive options in the Bullish group as part of their compensation.

    Learn more about Consensus 2024, CoinDesk's longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to to register and buy your pass now.