Phishing Scam Targets US Marshals Service Bitcoin Auction List

The attack targeted individuals on the leaked Silk Road auction email list, successfully stealing 100 BTC.

AccessTimeIconJul 4, 2014 at 4:46 p.m. UTC
Updated May 9, 2023 at 3:02 a.m. UTC

Individuals on the recipients list of the leaked US Marshals Service email to Silk Road auction enquirers are being targeted in a phishing attack, and at least one individual has fallen for the scam.

The Wall Street Journal confirmed that several individuals on the list received phishing emails from the same source. However, not all the individuals on the leaked email recipients list were targeted.

The unfortunate victim of the attack was Sam Lee of bitcoin arbitrage fund Bitcoins Reserve, which lost 100 BTC as a result.

The funds were sent by the firm's chief technology officer, Jim Chen, after he received what seemed like an email request to do so from Lee. In fact, the funds ended up being sent outside the company to the attacker's wallet. The transaction can be seen here, according to Lee.

Operational oversight

Lee said that the funds he had been scammed out of were owned by Bitcoins Reserve and that he used personal funds to replace them. He informed Bitcoins Reserve investors about the situation in an email, saying:

"As this attack vector was only successful due to an oversight in operations, the founders of Bitcoins Reserve will compensate the company by injecting an additional 100 Bitcoins to ensure we're still effectively performing arbitrage for our investors."

How they did it

The complete procedure for the scam was complicated and extremely sophisticated, but the basic process was as follows.

Lee received an email on 21st June from a certain 'Linda Jackson' claiming to represent BitFilm Production, a genuine company based in Germany. Jackson falsely claimed that the firm was assembling a series of interviews about the impending auction for a client.

Jackson then sent Lee a second email containing a link that directed to a file containing the questions for the interviews. This appeared to be a Google Drive document, but was actually a website controlled by the attacker.

The faked page then requested Lee's email password to gain access to the document, and consequently, when the password was entered, the attacker gained access to Lee's email accounts.

The scammers finally sent an email, purporting to be from Lee, to various employees requesting funds be sent to an external bitcoin wallet address, and the CTO unsuspectingly complied.

Facts agree

Lee's version of the story, and the emails from the attacker corroborating it (which CoinDesk has been given access to), mirror the phishing method described in the WSJ article.

The Journal also reported that while BitFilm Production is a real company, it had never attempted to contact the individuals on the leaked email.

The US Marshals Service has since issued a statement, saying that individuals affected by phishing scams should contact the appropriate law enforcement authorities, noting that the FBI dealt with phishing scams in the United States.


Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups. As part of their compensation, certain CoinDesk employees, including editorial employees, may receive exposure to DCG equity in the form of stock appreciation rights, which vest over a multi-year period. CoinDesk journalists are not allowed to purchase stock outright in DCG.

Learn more about Consensus 2024, CoinDesk’s longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to to register and buy your pass now.